Thread: Computer deeply infected; HJT log
View Single Post
Old 07-31-2006, 12:17 AM   #3 (permalink)
Mukanshin
Registered User
 
Join Date: Jul 2006
Posts: 6
OS: Windows XP Home Edition SP2


Sorry took long to reply... lol I was in Sao Paulo for the last three days, just came back into Rio de Janeiro. Anyways, I did all I could, "mcfCHE.dll" gave me problems but with hijackthis I deleted it before startup and got rid of it. Also with the files you told me to take out, I found variations of the "g--numbers--.dll" and removed them too. I know they were variations by the date created and alike names, also how they weren't recognized as important files. Only problem I actually had is with that Panda scan. Not only didn't it scan, but when I allowed the activex to run, it downloaded some virus into my WINDOWS, but my avast! got rid of it as soon as it came up. After that, the scan just wouldn't start, probaly cause of my firewall but I was too mad so I didn't try too hard lol. I'm traumatized from ActiveX related material. Is it too big of a problem that I don't have that Panda scan? Here are the other scans you asked for.

Ewido Scan:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:01:36 AM 7/31/2006

+ Scan result:



C:\Documents and Settings\monique.HIBREALTY1\Start Menu\Programs\EARN -> Adware.eZula : Cleaned with backup (quarantined).
C:\Documents and Settings\monique.HIBREALTY1\Start Menu\Programs\EARN\EARN website.url -> Adware.eZula : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\LMSetup.exe.tcf -> Adware.MDH : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\autumn123.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\monique.HIBREALTY1\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\monique.HIBREALTY1\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
C:\Program Files\MaxSpeed -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Documents and Settings\-Frank-\Local Settings\Application Data\5e69735e.exe.tcf -> Adware.SmartSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Adilson\Local Settings\Application Data\5e69735e.exe.tcf -> Adware.SmartSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\monique.HIBREALTY1\Local Settings\Application Data\5e69735e.exe.tcf -> Adware.SmartSearch : Cleaned with backup (quarantined).
C:\Downloads\Chainz2_Setup-dm[1].exe.tcf -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\ChuzzleSetup-dm[1].exe.tcf -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\GoldMinerSetup-dm[1].exe.tcf -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20060730-223559-572.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026572.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ddaba.exe -> Downloader.ConHook.ab : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ursrrop.dll -> Downloader.ConHook.ab : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0025571.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0025638.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026790.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026791.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026793.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026794.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026795.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026796.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026797.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026798.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026799.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026800.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026801.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026802.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026804.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026805.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026806.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026807.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026808.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026809.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026810.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026811.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026812.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026813.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026814.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026815.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026816.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026817.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026818.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026819.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026820.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026821.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026822.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026823.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026824.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026825.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026826.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026827.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026828.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026829.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026830.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026831.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026832.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026833.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026834.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026835.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\cpblpbc25.log -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\cpblpbc26.log -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\admparsel.dll.tcf -> Downloader.Delf.ako : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026803.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld100.tmp -> Downloader.Zlob.vr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld101.tmp -> Downloader.Zlob.vr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld102.tmp -> Downloader.Zlob.vr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld104.tmp -> Downloader.Zlob.vr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0022299.dll -> Hijacker.Agent.ct : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\clbcatix.dll -> Hijacker.Agent.ct : Cleaned with backup (quarantined).
C:\WINDOWS\wisterd.exe -> Logger.Banker.bjs : Cleaned with backup (quarantined).
C:\WINDOWS\brad.exe -> Logger.Banker.bkq : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@247realmedia[1].txt.bak -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@247realmedia[2].txt.bak -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ads.addynamix[1].txt.bak -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@ads.addynamix[1].txt.bak -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@ads.addynamix[2].txt.bak -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@z1.adserver[1].txt.bak -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@z1.adserver[1].txt.bak -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@z1.adserver[2].txt.bak -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@adtech[1].txt.bak -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@servedby.advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@servedby.advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@servedby.advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@servedby.advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@servedby.advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@atdmt[1].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@bfast[1].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@bfast[2].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@bfast[1].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@bfast[2].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@bfast[2].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@bluestreak[1].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@bluestreak[2].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@bluestreak[1].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@bluestreak[2].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@casalemedia[1].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@casalemedia[2].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@casalemedia[1].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@casalemedia[2].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@casalemedia[2].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@centrport[1].txt.bak -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@centrport[1].txt.bak -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@centrport[2].txt.bak -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@clickagents[1].txt.bak -> TrackingCookie.Clickagents : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@clickagents[2].txt.bak -> TrackingCookie.Clickagents : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@commission-junction[1].txt.bak -> TrackingCookie.Commission-junction : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@commission-junction[2].txt.bak -> TrackingCookie.Commission-junction : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@data.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@twci.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@data.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@data.coremetrics[2].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@test.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@twci.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@www.directnetadvertising[1].txt.bak -> TrackingCookie.Directnetadvertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@doubleclick[1].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@doubleclick[2].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@doubleclick[1].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@doubleclick[2].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@doubleclick[1].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@fastclick[1].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@fastclick[2].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@fastclick[1].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@fastclick[2].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@fastclick[1].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@gator[1].txt.bak -> TrackingCookie.Gator : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@webpdp.gator[1].txt.bak -> TrackingCookie.Gator : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@ehg-ati.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-ati.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-cafepress.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-fxcm.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-newegg.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-newegg.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-sigames.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-sonycomputer.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-technuity.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-techtarget.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-tigerdirect.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-tigerdirect.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-tigerdirect2.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@hg1.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-affinitynet.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-affinitynet.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-aha.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-aol.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-bcstore.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-bestbuy.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-comcast.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-commjun.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-dig.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-foxsports.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-gbcsign.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-ingersollrand.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-interlandinc.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-interval.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-lioninc.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-lioninc.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-lowermybills.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-realtytimes.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-realtytimes.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-realtytrac.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-sonycomputer.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-vonage.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-wachovia.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-z57.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-zoomerang.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@hg1.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@hg1.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@phg.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@phg.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@ehg-bestbuy.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@counter2.hitslink[2].txt.bak -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@linksynergy[1].txt.bak -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@linksynergy[2].txt.bak -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@linksynergy[2].txt.bak -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@mediaplex[1].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@mediaplex[1].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@mediaplex[2].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@mediaplex[1].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@qksrv[1].txt.bak -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@qksrv[2].txt.bak -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@qksrv[1].txt.bak -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@ads.realcastmedia[2].txt.bak -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@ads.realcastmedia[1].txt.bak -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@ads.realcastmedia[2].txt.bak -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@www.realcastmedia[2].txt.bak -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@revenue[1].txt.bak -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@revenue[1].txt.bak -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@revenue[2].txt.bak -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@spylog[2].txt.bak -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@spylog[1].txt.bak -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@spylog[2].txt.bak -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@targetnet[2].txt.bak -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@targetnet[1].txt.bak -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@targetnet[2].txt.bak -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@trafficmp[2].txt.bak -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@trafficmp[1].txt.bak -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@trafficmp[2].txt.bak -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@valueclick[1].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@valueclick[2].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@valueclick[1].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@valueclick[2].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@statse.webtrendslive[2].txt.bak -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@statse.webtrendslive[1].txt.bak -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@statse.webtrendslive[2].txt.bak -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@ads.x10[1].txt.bak -> TrackingCookie.X10 : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\winbae32.dll.tcf -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

"C:\Windelf.txt" scan:

************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
g12705419.dll
g13906246.dll
g1404229.dll
g15107513.dll
g18657437.dll
g18714259.dll
g19915597.dll
g199887.dll
g22263022.dll
g23464790.dll
g24665437.dll
g29394086.dll
g31919407.dll
g33120154.dll
g34320730.dll
g37922549.dll
g38748988.dll
g39125319.dll
g39949514.dll
g40323672.dll
g41150100.dll
g43926833.dll
g44752320.dll
g45128281.dll
g45953267.dll
g47153403.dll
g5004115.dll
g50755712.dll
g51613486.dll
g51955788.dll
g52814232.dll
g54014759.dll
g57617529.dll
g58819598.dll
g60053732.dll
g6208016.dll
g63650063.dll
g64851922.dll
g66054751.dll
g69661527.dll
g70862564.dll
g72067527.dll
g81196674.dll
g86244222.dll
g87445520.dll
g93169460.dll
compstuid.dll

File(s) found in system32 folder
--------------------------------
compstuid.dll

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"


sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
@="C:\\WINDOWS\\g29394086.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
@="C:\\WINDOWS\\g29394086.dll"
"ThreadingModel"="Apartment"


sharedtaskkey: 0B5F7FDF-0717-45BF-B49D-695F3168C7FE
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]



Notify key
----------
subkey cfgmngr32 is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------
g12705419.dll
g13906246.dll
g1404229.dll
g15107513.dll
g18657437.dll
g18714259.dll
g19915597.dll
g199887.dll
g22263022.dll
g23464790.dll
g24665437.dll
g29394086.dll
g31919407.dll
g33120154.dll
g34320730.dll
g37922549.dll
g38748988.dll
g39125319.dll
g39949514.dll
g40323672.dll
g41150100.dll
g43926833.dll
g44752320.dll
g45128281.dll
g45953267.dll
g47153403.dll
g5004115.dll
g50755712.dll
g51613486.dll
g51955788.dll
g52814232.dll
g54014759.dll
g57617529.dll
g58819598.dll
g60053732.dll
g6208016.dll
g63650063.dll
g64851922.dll
g66054751.dll
g69661527.dll
g70862564.dll
g72067527.dll
g81196674.dll
g86244222.dll
g87445520.dll
g93169460.dll

File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



Notify key
----------


And Hijackthis! scan:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:44 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\--Computer Fixers--\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\--Computer Fixers--\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\-Frank-\Desktop\CTL+ALT+DEL.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.244.149.25:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\--COMP~1\65719~1.BAS\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\--Computer Fixers--\ewido anti-spyware 4.0\ewido.exe" /minimized
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://rmlsfl.mlxchange.com/Control/...ctComboBox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ghettoprincess1866.spaces.msn...d/MsnPUpld.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://rmlsfl.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://rmlsfl.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C34BF9B-8ECC-489B-B056-B28923EE3202}: NameServer = 200.244.149.26,200.244.149.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{D805F1F2-5A84-4CCF-9D42-F64FCCEF5E9A}: NameServer = 200.244.149.26,200.244.149.20
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - blank (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\--Computer Fixers--\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks for the help you've given so far. There was a ton of adware and spyware that ewido took out. Also, so far the Spooler Subsystem App didn't fail this time it started up, and svchost.exe didn't run at 100%, two threads in it I mean. lol I don't think I mentioned the Spooler service failing before, but I just remembered. Sorry if that causes inconvienience. I'm looking forward for your next post Vikesrock8411!

(p.s.- This thread has been suscribed since the start. )
Mukanshin is offline