I need help knowing if I still have the w32.Myzor.FK@yf virus. I followed instructions from another thread but I don't know if I still have the w32.Myzor.FK@yf virus. When I would open my Internet Explorer it would say that I had a virus and needed to download spyware protection; now it doesn't say it any more. Can somebody help me figure out if I have it or not?
I did this, can someone see if there is anything wrong with it:

Logfile of HijackThis v1.99.1
Scan saved at 4:57:26 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
You're running HijackThis from a temp folder. Go to Start - My Computer. Double click Local Disk (C:) and create a new folder in there called "HJT". Move your Hijackthis.exe in there.

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
Logfile of HijackThis v1.99.1
Scan saved at 6:48:10 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
outster cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@nextag[2].txt (ID = 5014) 6:24 PM: c:\documents and settings\owner\cookies\owner@msnportal.112.2o7[1].txt (ID = 1958) 6:24 PM: Found Spy Cookie: 2o7.net cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@mrskin[2].txt (ID = 3020) 6:24 PM: Found Spy Cookie: mrskin cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@movies.go[2].txt (ID = 2729) 6:24 PM: c:\documents and settings\owner\cookies\owner@monstermarketplace[1].txt (ID = 3006) 6:24 PM: Found Spy Cookie: monstermarketplace cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@metareward[2].txt (ID = 2990) 6:24 PM: Found Spy Cookie: metareward.com cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@maxserving[1].txt (ID = 2966) 6:24 PM: c:\documents and settings\owner\cookies\owner@math.about[1].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@malwarewipe[1].txt (ID = 6467) 6:24 PM: Found Spy Cookie: malwarewipe cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@m.webtrends[1].txt (ID = 3669) 6:24 PM: Found Spy Cookie: webtrends cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@littlerock.about[1].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@landing.domainsponsor[1].txt (ID = 2535) 6:24 PM: Found Spy Cookie: domainsponsor cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@kinghost[1].txt (ID = 2903) 6:24 PM: Found Spy Cookie: kinghost cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@insider.espn.go[1].txt (ID = 2729) 6:24 PM: c:\documents and settings\owner\cookies\owner@imlive[2].txt (ID = 2843) 6:24 PM: Found Spy Cookie: imlive.com cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@i.screensavers[1].txt (ID = 3298) 6:24 PM: c:\documents and settings\owner\cookies\owner@humor.about[1].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@hotels.about[1].txt (ID = 2038) 6:24 PM: 
c:\documents and settings\owner\cookies\owner@horror.about[1].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@homevideo.about[1].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@hatland.freestats[1].txt (ID = 2705) 6:24 PM: Found Spy Cookie: freestats.net cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@go[2].txt (ID = 2728) 6:24 PM: c:\documents and settings\owner\cookies\owner@govegas.about[2].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@gostats[2].txt (ID = 2747) 6:24 PM: Found Spy Cookie: gostats cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@gocalifornia.about[2].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@gamespy[1].txt (ID = 2719) 6:24 PM: Found Spy Cookie: gamespy cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@galleries.danni[1].txt (ID = 2494) 6:24 PM: c:\documents and settings\owner\cookies\owner@fortunecity[2].txt (ID = 2686) 6:24 PM: Found Spy Cookie: fortunecity cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@expn.go[1].txt (ID = 2729) 6:24 PM: c:\documents and settings\owner\cookies\owner@espn.go[2].txt (ID = 2729) 6:24 PM: c:\documents and settings\owner\cookies\owner@eroticy[1].txt (ID = 2623) 6:24 PM: Found Spy Cookie: eroticy cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@engage.everyone[2].txt (ID = 2611) 6:24 PM: Found Spy Cookie: engage cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@dist.belnk[2].txt (ID = 2293) 6:24 PM: c:\documents and settings\owner\cookies\owner@did-it[2].txt (ID = 2523) 6:24 PM: Found Spy Cookie: did-it cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@dealtime[2].txt (ID = 2505) 6:24 PM: Found Spy Cookie: dealtime cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@dating.about[2].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@danni[2].txt (ID = 2493) 6:24 PM: Found Spy Cookie: danni cookie 6:24 
PM: c:\documents and settings\owner\cookies\owner@ct.360i[1].txt (ID = 1962) 6:24 PM: Found Spy Cookie: 360i cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@couponing.about[1].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@contextuads[1].txt (ID = 2461) 6:24 PM: Found Spy Cookie: contextuads cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@classmates[1].txt (ID = 2384) 6:24 PM: Found Spy Cookie: classmates cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@cellphones.about[2].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@ccbill[1].txt (ID = 2369) 6:24 PM: Found Spy Cookie: ccbill cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@cassava[1].txt (ID = 2362) 6:24 PM: Found Spy Cookie: cassava cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@casalemedia[2].txt (ID = 2354) 6:24 PM: Found Spy Cookie: casalemedia cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@c.fsx[2].txt (ID = 2286) 6:24 PM: Found Spy Cookie: barelylegal cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@bravenet[1].txt (ID = 2322) 6:24 PM: Found Spy Cookie: bravenet cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@bizrate[1].txt (ID = 2308) 6:24 PM: c:\documents and settings\owner\cookies\owner@belnk[2].txt (ID = 2292) 6:24 PM: c:\documents and settings\owner\cookies\owner@banner[2].txt (ID = 2276) 6:24 PM: c:\documents and settings\owner\cookies\owner@banners[2].txt (ID = 2282) 6:24 PM: Found Spy Cookie: banners cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@azjmp[2].txt (ID = 2270) 6:24 PM: Found Spy Cookie: azjmp cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@atwola[2].txt (ID = 2255) 6:24 PM: c:\documents and settings\owner\cookies\owner@atheism.about[1].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@ath.belnk[1].txt (ID = 2293) 6:24 PM: c:\documents and settings\owner\cookies\owner@ask[1].txt (ID 
= 2245) 6:24 PM: c:\documents and settings\owner\cookies\owner@apmebf[1].txt (ID = 2229) 6:24 PM: c:\documents and settings\owner\cookies\owner@aff.primaryads[2].txt (ID = 3190) 6:24 PM: Found Spy Cookie: primaryads cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@advertising.about[1].txt (ID = 2038) 6:24 PM: c:\documents and settings\owner\cookies\owner@adultrevenueservice[1].txt (ID = 2167) 6:24 PM: Found Spy Cookie: adultrevenueservice cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@ads.cc214142[1].txt (ID = 2367) 6:24 PM: c:\documents and settings\owner\cookies\owner@adrevolver[3].txt (ID = 2088) 6:24 PM: c:\documents and settings\owner\cookies\owner@adprofile[2].txt (ID = 2084) 6:24 PM: c:\documents and settings\owner\cookies\owner@adknowledge[2].txt (ID = 2072) 6:24 PM: c:\documents and settings\owner\cookies\owner@adecn[1].txt (ID = 2063) 6:24 PM: Found Spy Cookie: adecn cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@about[1].txt (ID = 2037) 6:24 PM: c:\documents and settings\owner\cookies\owner@abclocal.go[1].txt (ID = 2729) 6:24 PM: c:\documents and settings\owner\cookies\owner@aa[1].txt (ID = 2029) 6:24 PM: Found Spy Cookie: aa cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@a.websponsors[2].txt (ID = 3665) 6:24 PM: c:\documents and settings\owner\cookies\owner@888[2].txt (ID = 2019) 6:24 PM: c:\documents and settings\owner\cookies\owner@888[1].txt (ID = 2019) 6:24 PM: Found Spy Cookie: 888 cookie 6:24 PM: c:\documents and settings\owner\cookies\owner@64.62.232[2].txt (ID = 1987) 6:24 PM: Found Spy Cookie: 64.62.232 cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@xiti[1].txt (ID = 3717) 6:24 PM: Found Spy Cookie: xiti cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@www.screensavers[2].txt (ID = 3298) 6:24 PM: Found Spy Cookie: screensavers.com cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@www.cardomain[2].txt (ID = 2351) 6:24 PM: c:\documents and 
settings\guest\cookies\guest@tripod[1].txt (ID = 3591) 6:24 PM: Found Spy Cookie: tripod cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@realmedia[2].txt (ID = 3235) 6:24 PM: Found Spy Cookie: realmedia cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@nextag[2].txt (ID = 5014) 6:24 PM: Found Spy Cookie: nextag cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@maxserving[2].txt (ID = 2966) 6:24 PM: Found Spy Cookie: maxserving cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@labmice.techtarget[1].txt (ID = 3500) 6:24 PM: Found Spy Cookie: techtarget cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@hc2.humanclick[2].txt (ID = 2810) 6:24 PM: Found Spy Cookie: humanclick cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@go[1].txt (ID = 2728) 6:24 PM: Found Spy Cookie: go.com cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@experclick[1].txt (ID = 2639) 6:24 PM: Found Spy Cookie: experclick cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@dist.belnk[2].txt (ID = 2293) 6:24 PM: c:\documents and settings\guest\cookies\guest@cardomain[1].txt (ID = 2350) 6:24 PM: Found Spy Cookie: cardomain cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@bizrate[2].txt (ID = 2308) 6:24 PM: Found Spy Cookie: bizrate cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@belnk[1].txt (ID = 2292) 6:24 PM: c:\documents and settings\guest\cookies\guest@banner[2].txt (ID = 2276) 6:24 PM: Found Spy Cookie: banner cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@atwola[1].txt (ID = 2255) 6:24 PM: Found Spy Cookie: atwola cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@ath.belnk[2].txt (ID = 2293) 6:24 PM: Found Spy Cookie: belnk cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@ask[1].txt (ID = 2245) 6:24 PM: Found Spy Cookie: ask cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@apmebf[2].txt (ID = 2229) 6:24 PM: Found Spy 
Cookie: apmebf cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@adserver[1].txt (ID = 2141) 6:24 PM: Found Spy Cookie: adserver cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@ads.cc214142[2].txt (ID = 2367) 6:24 PM: Found Spy Cookie: cc214142 cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@adrevolver[2].txt (ID = 2088) 6:24 PM: Found Spy Cookie: adrevolver cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@adprofile[2].txt (ID = 2084) 6:24 PM: Found Spy Cookie: adprofile cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@adopt.hbmediapro[2].txt (ID = 2768) 6:24 PM: Found Spy Cookie: hbmediapro cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@adknowledge[1].txt (ID = 2072) 6:24 PM: Found Spy Cookie: adknowledge cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@about[1].txt (ID = 2037) 6:24 PM: Found Spy Cookie: about cookie 6:24 PM: c:\documents and settings\guest\cookies\guest@a.websponsors[1].txt (ID = 3665) 6:24 PM: Found Spy Cookie: websponsors cookie 6:24 PM: Starting Cookie Sweep 6:24 PM: Memory Sweep Complete, Elapsed Time: 00:01:14 6:23 PM: Starting Memory Sweep 6:23 PM: Sweep initiated using definitions version 691 6:23 PM: Spy Sweeper 5.0.5.1286 started 6:23 PM: | Start of Session, Monday, August 07, 2006 | ******** 6:23 PM: | End of Session, Monday, August 07, 2006 | 6:20 PM: None 6:20 PM: Traces Found: 1 6:20 PM: Memory Sweep Complete, Elapsed Time: 00:00:07 6:20 PM: Sweep Canceled 6:20 PM: Starting Memory Sweep 6:20 PM: HKU\WRSS_Profile_S-1-5-21-3188126825-1688562564-3889130483-501\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 1193580) 6:20 PM: Found Adware: internetoptimizer 6:20 PM: Sweep initiated using definitions version 691 6:20 PM: Spy Sweeper 5.0.5.1286 started 6:20 PM: | Start of Session, Monday, August 07, 2006 | ******** 6:20 PM: | End of Session, Monday, August 07, 2006 | 6:18 PM: BHO Shield: found: -- BHO installation denied 
at user request 6:18 PM: BHO Shield: found: -- BHO installation denied at user request Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 6:18 PM: Shield States 6:18 PM: Spyware Definitions: 691 6:17 PM: Spy Sweeper 5.0.5.1286 started 6:17 PM: Spy Sweeper 5.0.5.1286 started 6:17 PM: | Start of Session, Monday, August 07, 2006 | ******** there was no next button.
That's ok.

Download the Pocket Killbox:
http://www.bleepingcomputer.com/files/killbox.php

* Click here for info on how to boot to safe mode if you don't already know how. http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
* Now copy these instructions to Notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now.

Perform the following steps in safe mode:

Have HijackThis fix these entries. Close all programmes before clicking FIX.

O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the Full Path of File to Delete box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the Paste Full Path of File to Delete box.

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

C:\WINDOWS\System32\winlogi.exe

Reboot into normal mode and follow the instructions of my first post about moving HijackThis into a permanent folder.

Post another log.
Logfile of HijackThis v1.99.1
Scan saved at 11:21:31 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weakgame.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ezmafv] C:\Program Files\Ustpn\Siyvw.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c356.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36D1745D-38C9-42EF-BF7F-25813A277C00} (AXSlider Control) - http://www.musicpoll.com/C3Web2/AXSliderProj.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135032142265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
What kept you? You could be getting infected in the process, making this kinda pointless.

Please go to this site: http://virusscan.jotti.org/

Use the Browse button at Jotti. Navigate to the file's location on your hard drive and submit this file:

C:\Program Files\Ustpn\Siyvw.exe

Let me know what it says regarding the file.
I've been on and off the computer. I don't seem to have that file; I have the folder but nothing is in it.
OK, how are things now?

I've found nothing on that file, so it's up to you if you want to keep that folder on your system. To get rid of it:

Check with HijackThis:

O4 - HKLM\..\Run: [Ezmafv] C:\Program Files\Ustpn\Siyvw.exe

Make sure all other windows are closed and click Fix.

Reboot into safe mode. Find and delete this folder:

C:\Program Files\Ustpn\

Important: your version of Java is outdated.

* Download the latest version of Java Runtime Environment (JRE) 5.0 Update 7: http://java.sun.com/javase/downloads/index.jsp
* Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement".
* The page will refresh.
* Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-1_5_0_07-windowsi586-p.exe to install the newest version.
Let's do this to see if anything's remaining.

Please go HERE http://www.pandasoftware.com/products/activescan.htm to run Panda's ActiveScan.

* Once you are on the Panda site, click the Scan your PC button
* A new window will open... click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click Send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component, allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When the download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the Panda report and a new HJT log.
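Added example, not part of the thread and not HijackThis's own code: a Python triage of the O4 autorun entries the helper works from, listing Run and Startup items whose target is not among the running processes (as with the Ezmafv entry, whose file the poster could not find). The function names and the sample, a constructed excerpt built from entries in the log posted above, are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules regardless of host OS

# Constructed sample: entries taken from the HijackThis log in this thread,
# run together with single spaces the way a pasted log is often flattened.
SAMPLE_LOG = (
    r'Logfile of HijackThis v1.99.1 Running processes: '
    r'C:\WINDOWS\system32\winlogon.exe '
    r'C:\Program Files\QuickTime\qttask.exe '
    r'C:\WINDOWS\system32\WDBtnMgr.exe '
    r'C:\PROGRA~1\AIM\aim.exe '
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weakgame.com/ '
    r'O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe '
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime '
    r'O4 - HKLM\..\Run: [Ezmafv] C:\Program Files\Ustpn\Siyvw.exe '
    r'O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe '
    r'O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl '
    r'O4 - Global Startup: Adobe Reader Speed Launch.lnk = '
    r'C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe '
    r'O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE'
)

# An entry starts with a section code (R0-R3, F0-F3, O1-O23) followed by " - ".
# Splitting on whitespace before that code works for flattened and line-per-entry logs.
ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|O\d{1,2}) - )")
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(
    r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Executable part of a command line: a quoted path, or text up to the first
# executable extension that is followed by whitespace or the end of the string.
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)


def split_log(text):
    """Return (running process paths, entry strings) from a HijackThis log."""
    head, *entries = ENTRY_START.split(text.strip())
    procs = head.split("Running processes:", 1)[1] if "Running processes:" in head else ""
    # Process paths contain spaces, so split only where a drive letter begins.
    running = [p.strip() for p in re.split(r"\s+(?=[A-Za-z]:\\)", procs) if p.strip()]
    return running, entries


def target_of(cmd):
    """Strip arguments from an autorun command and return the executable path."""
    m = TARGET.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def autoruns_not_running(text):
    """List (entry name, target) for O4 autoruns with no matching running process.

    Matching is by lower-cased file name only, so an 8.3 short file name could
    produce a false mismatch. A hit is a prompt to check whether the file
    exists on disk and what it is, not a verdict on the entry.
    """
    running, entries = split_log(text)
    live = {basename(p).lower() for p in running}
    hits = []
    for entry in entries:
        m = O4_RUN.match(entry) or O4_STARTUP.match(entry)
        if not m:
            continue  # not an autorun entry (R0, O2, O23, ...)
        target = target_of(m["cmd"])
        if basename(target).lower() not in live:
            hits.append((m["name"], target))
    return hits


if __name__ == "__main__":
    for name, target in autoruns_not_running(SAMPLE_LOG):
        print(f"{name}: {target}")
```

Entries such as NeroFilterCheck show why a hit only means "look at this file": some legitimate startup items run once and exit.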