Old 04-04-2007, 06:06 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Somebody help me please?

My Internet Explorer will 'Jump' or 'Redirect' to a random page when I click on a link.

I've run different recommended programs, such as Windows Defender, Hijack This, and KillBox.

None worked and I'll post the Hijack This log since you guys know what you are doing.


Logfile of HijackThis v1.99.1
Scan saved at 3:17:45 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John Dylan\My Documents\Downloads\Hijack This.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D81659D-37A2-43B7-BA16-1642271F4E69}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2661326C-9A36-4329-9EA9-F5B2F81C02ED}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50483ED-122D-402B-9197-62648319B5C4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
jdylant is offline  
Old 04-04-2007, 06:19 PM   #2 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 3,628
OS: XP Home SP3, XP MCE SP3, XP Pro SP3


Re: Somebody help me please?

Hello and welcome to TSF.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

Note: ONLY if you have connection problems after performing above steps - go to Start>Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

amateur is offline  
Old 04-05-2007, 02:33 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

The report file from the FixWareOut scan is below...


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdwie.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdwie.ren 63914 08/10/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TPSMain"="TPSMain.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"TFncKy"="TFncKy.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"NDSTray.exe"="NDSTray.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"DDWMon"="C:\\Program Files\\TOSHIBA\\TOSHIBA Direct Disc Writer\\\\ddwmon.exe"
"CFSServ.exe"="CFSServ.exe -NoClient"
"Alcmtr"="ALCMTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


The report from the HijackThis scan is below...

Logfile of HijackThis v1.99.1
Scan saved at 3:32:57 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Dylan\My Documents\Downloads\Hijack This.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D81659D-37A2-43B7-BA16-1642271F4E69}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2661326C-9A36-4329-9EA9-F5B2F81C02ED}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50483ED-122D-402B-9197-62648319B5C4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
jdylant is offline  
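
Added example (not part of the original thread and not HijackThis code): a small Python parser that pulls the O17 NameServer entries out of a HijackThis log like the ones posted above and lists resolvers that fall outside an expected set. The function names and the allowlist of private LAN ranges are assumptions; the sample lines are copied from the log, except the one marked as constructed.

```python
import ipaddress
import re

# Sample input: lines copied from the log in this thread, plus one
# constructed line (marked below) showing an entry that is not reported.
SAMPLE_LOG = r"""
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D81659D-37A2-43B7-BA16-1642271F4E69}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
# The {00000000-...} line above is constructed for this example.

# Assumption: the machine's legitimate resolvers sit on a private LAN
# (for example a home router). Replace with your ISP's or organisation's
# resolver ranges as appropriate.
EXPECTED_RESOLVERS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# "O17 - <registry key>: <value name> = <value>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")


def parse_o17(log_text):
    """Return [(registry_key, [server, ...])] for each O17 NameServer line.

    The per-interface keys in the log separate addresses with commas and the
    Tcpip\\Parameters keys separate them with spaces, so both are accepted.
    """
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name") != "NameServer":
            continue
        servers = [t for t in re.split(r"[,\s]+", m.group("value").strip()) if t]
        entries.append((m.group("key"), servers))
    return entries


def is_expected(token, networks):
    """True if token is an IP address inside one of the expected networks."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return False  # not an IP address at all: report it
    return any(addr in net for net in networks)


def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Map each registry key to the name servers outside the expected set."""
    networks = [ipaddress.ip_network(n) for n in expected]
    findings = {}
    for key, servers in parse_o17(log_text):
        outside = [s for s in servers if not is_expected(s, networks)]
        if outside:
            findings[key] = outside
    return findings


if __name__ == "__main__":
    for key, servers in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(servers)}")
```
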
Old 04-05-2007, 02:36 PM   #4 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

Thank you so much, amateur!

I've been trying to figure it out for several days now. I did System Restore and was kind of disappointed when it along with everything else failed...

So far as I've seen, the problem is completely gone...
Thanks again!
jdylant is offline  
Old 04-05-2007, 02:57 PM   #5 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 3,628
OS: XP Home SP3, XP MCE SP3, XP Pro SP3


Re: Somebody help me please?

Hi,

That's great and you're welcome. We have a little more work though. Before we begin, I would like you to create a new folder and place HijackThis.exe in the new folder. HijackThis creates backups in case you ever want to redo anything done with HijackThis, and needs to have a folder to itself to house them. Otherwise, you'll have the backup files in the Downloads folder.

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

=======================================

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

========================================
  • Close all open Explorer windows and browsers/email, etc
  • Run HijackThis
  • Click on the Scan button and when complete
  • Put a check beside all of the items listed below
  • Click on the "Fix Checked" button
  • When completed, close the application.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D81659D-37A2-43B7-BA16-1642271F4E69}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2661326C-9A36-4329-9EA9-F5B2F81C02ED}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50483ED-122D-402B-9197-62648319B5C4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63


========================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=======================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run Ccleaner for every user.

========================================

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.

=========================================

Reboot in Normal Mode.

=========================================

Your Java is slightly out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6.0 windows-i586-p.exe to install the newest version.

=========================================

Perform an online scan using Internet Explorer with Panda ActiveScan
  • Click on located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop up blocker doesn't block it.
  • Enter your e-mail address, country, and state & click "Free Online Scan". The download of the 8 MB Panda's ActiveX control will take place.
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click and post back the contents please.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

=========================================

Please post back the AVG Anti-Spyware log, Panda scan results and a fresh HijackThis log in your next reply.
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

amateur is offline  
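
The O17 NameServer entries listed in the post above can also be checked mechanically. The following Python script is an added example (not part of the original thread and not HijackThis code): it parses O17 lines from a HijackThis log and reports resolver addresses that are not on a trusted list. The trusted resolver 192.168.1.1, the all-zero interface GUID and the O4 line are constructed sample values; the two `Parameters` lines are the ones quoted in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the first two lines come from the post above; the
# per-interface line and the O4 line are constructed for illustration.
SAMPLE_LOG = r"""
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""

# "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cs>[^\\]+)\\.+?): "
    r"(?P<name>\w+) = (?P<value>.+)$"
)


def expand_control_set(abbrev):
    """Expand HijackThis shorthand: CCS -> CurrentControlSet, CS1 -> ControlSet001."""
    if abbrev.upper() == "CCS":
        return "CurrentControlSet"
    m = re.fullmatch(r"CS(\d+)", abbrev, re.IGNORECASE)
    return f"ControlSet{int(m.group(1)):03d}" if m else abbrev


def parse_o17(log_text):
    """Return one record per O17 NameServer line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name") != "NameServer":
            continue
        # The data may hold several addresses separated by spaces or commas.
        servers = [s for s in re.split(r"[ ,]+", m.group("value").strip()) if s]
        entries.append({
            "control_set": expand_control_set(m.group("cs")),
            "key": m.group("key"),
            "servers": servers,
        })
    return entries


def classify(server, trusted):
    """Label one resolver address against a set of trusted ip_address objects."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if ip in trusted:
        return "trusted"
    # A private address that nobody listed still deserves a look.
    return "private-unlisted" if ip.is_private else "unexpected"


def review(log_text, trusted_resolvers):
    """Map each non-trusted resolver to the control sets that reference it."""
    trusted = {ipaddress.ip_address(t) for t in trusted_resolvers}
    findings = defaultdict(set)
    for entry in parse_o17(log_text):
        for server in entry["servers"]:
            if classify(server, trusted) != "trusted":
                findings[server].add(entry["control_set"])
    return {server: sorted(sets) for server, sets in findings.items()}


if __name__ == "__main__":
    # Assumption: 192.168.1.1 is the resolver this machine is expected to use.
    for server, sets in review(SAMPLE_LOG, ["192.168.1.1"]).items():
        print(f"{server}: not a trusted resolver, referenced in {', '.join(sets)}")
```

CurrentControlSet is a link to one of the numbered control sets, so the same value under both is expected; after cleanup, rerun the check on a fresh log to confirm that no listed control set still carries the address.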
Old 04-05-2007, 03:38 PM   #6 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

I've finished all the steps before the CCleaner scan.
I downloaded it from the recommended site and I've 'installed' it 3 times. Every time I made sure that the destination folder was in my Downloads folder, under CCleaner. I can't find it and don't know if I should skip it.
jdylant is offline  
Old 04-05-2007, 04:59 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Location: Oklahoma
Posts: 14
OS: XP


Re: Somebody help me please?

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:10:45 PM 4/5/2007

+ Scan result:



C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010321.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010322.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011547.exe -> Adware.AntiVermins : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012946.exe -> Adware.AntiVermins : Cleaned with backup (quarantined).
HKU\S-1-5-21-2152574201-3010094123-3549718769-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2152574201-3010094123-3549718769-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2152574201-3010094123-3549718769-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010319.dll -> Adware.Solution : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012633.exe -> Adware.SpyDawn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011551.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012635.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012945.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010287.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010300.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010313.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010331.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010343.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0011343.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP32\A0011442.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011447.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012941.exe -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0007126.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP30\A0010255.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010288.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010301.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010314.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010332.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010336.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011552.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0012628.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012943.dll -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010289.exe -> Downloader.Zlob.aqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010302.exe -> Downloader.Zlob.aqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010315.exe -> Downloader.Zlob.aqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP31\A0010333.exe -> Downloader.Zlob.aqq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016581.exe -> Downloader.Zlob.asv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016582.exe -> Downloader.Zlob.asv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018998.exe -> Downloader.Zlob.asv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018999.exe -> Downloader.Zlob.asx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016584.exe -> Downloader.Zlob.atd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016578.dll -> Downloader.Zlob.atf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018991.exe -> Downloader.Zlob.atl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018995.exe -> Downloader.Zlob.atl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018992.dll -> Downloader.Zlob.aud : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0007125.exe -> Downloader.Zlob.bfj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006126.dll -> Downloader.Zlob.biu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006065.dll -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006121.dll -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0007121.dll -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP30\A0010254.exe -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012935.exe -> Downloader.Zlob.bjo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006066.exe -> Downloader.Zlob.bjr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0006122.exe -> Downloader.Zlob.bjr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP15\A0007122.exe -> Downloader.Zlob.bjr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011550.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP33\A0011554.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012944.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012949.exe -> Downloader.Zlob.bkn : Cleaned with backup (quarantined).
C:\Documents and Settings\John Dylan\Local Settings\Temp\Temporary Internet Files\Content.IE5\2I9G1V0X\setupmedia.1472[1].exe -> Downloader.Zlob.blz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP34\A0012640.exe -> Downloader.Zlob.bny : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016579.exe -> Downloader.Zlob.bov : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016580.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016583.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP42\A0016585.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018993.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018994.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018996.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP57\A0018997.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).
C:\Documents and Settings\John Dylan\Cookies\john_dylan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@redir.adengage[2].txt -> TrackingCookie.Adengage : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@ehg-luggageonline.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@pro-market[3].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter11.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter4.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@clickthrough.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\John Dylan\Cookies\john_dylan@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\John Dylan\Local Settings\Temp\Cookies\john_dylan@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP44\A0017968.exe -> Trojan.DNSChanger.ih : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP73\A0025096.exe -> Trojan.DNSChanger.ih : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kdncl.exe -> Trojan.DNSChanger.in : Cleaned with backup (quarantined).
C:\Documents and Settings\John Dylan\Local Settings\Temp\laf18.tmp -> Trojan.Renos.naq : Cleaned with backup (quarantined).
C:\Documents and Settings\John Dylan\Local Settings\Temp\laf17.tmp -> Trojan.Zlob : Cleaned with backup (quarantined).


::Report end
_________________________________________________________________

Here is the Hijack This Scan Report:

Logfile of HijackThis v1.99.1
Scan saved at 5:21:58 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Dylan\My Documents\Downloads\Hijack This\Hijack This.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba