unstoppable pop-ups and unders did everything i could...

bboytmnt · 01-11-2006, 04:45 AM

i have not had this problem in a very very long time. i use spysweeper and norton and have been free of this kind of problem for a year until i took my notebook out of town...

i have been getting pop-ups from partypoker, hostreview, ad.yieldmanager, etc...

i spyswept, antivirused, and registry cleaned but i cant stop my problem.

help please...

here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 3:41:09 AM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\newfrn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "RJay"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4057777D-D02F-4C54-A91C-88C4B0077D41}: NameServer = 68.6.16.30,68.6.16.25
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

thanks

sUBs · 01-12-2006, 05:24 AM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Download & install CleanUp.exe (not recommended for WinXP64)

Download and install Ewido Security Suite

When installing, under "Additional Options",
- uncheck - Install background guard
Have Ewido update itself & then exit the program.

If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downlaoding.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.

Please disable Webroot SpySweeper, as it hinders the removal of some entries. You can re-enable it after you're clean.
To disable Webroot SpySweeper:

Go to the Options>Program Options
Uncheck Load at Windows Startup
Click Shields & uncheck all items there
Uncheck Home page shield.
Automaticly restore default without notification

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - Default URLSearchHook is missing
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

Hyperlinker / QL

Please note any other programs that you dont recognize in that list in your next response

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.

Tick - 'Show hidden files and folder'
Untick - 'Hide file extensions for known types'
Untick - 'Hide protected operating system files'
Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\WINDOWS\newfrn.exe
C:\Program Files\QL\
C:\WINDOWS\DH.dll

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!

* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

"Perform action on all infections"
.Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh logs from:

HiJackThis log

Online Scan

Ewido

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

bboytmnt · 01-14-2006, 08:50 PM

Thank you very much for your reply, i almost gave up. due to my lack of time (work) i havent been able to post a reply. also when i tried to post my reply yesterday, it lagged and told me that i execed the number of characters allowed. so, ill be dividing this post into part.

here are my logs:

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 7:49:48 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4057777D-D02F-4C54-A91C-88C4B0077D41}: NameServer = 68.6.16.30,68.6.16.25
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

sUBs · 01-14-2006, 10:32 PM

Ermmm...what happened to the other logs?

bboytmnt · 01-16-2006, 03:31 AM

im really sorry about that, the online scan seems to be extremely big on its own. trying to divide it was such a huge hassel that i didnt have much time for. anyhow while looking at the log i noticed that most of it was the "quaratine" files from norton so i just deleted those files in the norton program and will be running a new scan with kaspersky... sorry for the delay and i appreciate your patience with me.

sUBs · 01-16-2006, 06:09 AM

Try placing it as an attachment instead.

bboytmnt · 01-16-2006, 12:53 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 16, 2006 11:38:49
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/01/2006
Kaspersky Anti-Virus database records: 171450
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 55641
Number of viruses found: 35
Number of infected objects: 156
Number of suspicious objects: 0
Duration of the scan process: 5017 sec

Infected Object Name - Virus Name
C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-1982352d.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-1982352d.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-7e1f6873.zip/javautil.zip Infected: Trojan-Downloader.Win32.Small.bvv
C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-7e1f6873.zip/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.cbp
C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-7e1f6873.zip Infected: Trojan-Downloader.Win32.Small.cbp
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP172\A0012844.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP172\A0012876.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP172\A0012876.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP174\A0013502.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP174\A0013549.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP174\A0013571.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP181\A0013801.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP184\A0013872.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP184\A0013891.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP189\A0014767.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP189\A0014785.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP191\A0014970.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP191\A0014971.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP192\A0015003.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP193\A0015034.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP193\A0015102.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP193\A0015131.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP194\A0015160.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP202\A0015281.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP202\A0015282.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP202\A0015283.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP202\A0015287.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015453.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015470.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015483.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015503.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015521.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015524.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015526.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015527.dll Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015530.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015531.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015532.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015541.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015546.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015641.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015642.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015643.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015645.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015646.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015652.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.h
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015677.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015684.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP204\A0015706.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP205\A0015719.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP205\A0015740.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP219\A0016272.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP219\A0016290.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016302.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016324.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016500.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016501.exe Infected: Trojan-Downloader.Win32.VB.na
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016506.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016507.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016508.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016510.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016510.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016510.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016511.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016511.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016511.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016511.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016511.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016511.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016512.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016513.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016514.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016515.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016516.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016517.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016518.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016519.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016519.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016520.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016521.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016522.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016523.exe Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP221\A0016524.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP222\A0016735.exe Infected: Trojan.Win32.Runner.h
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP222\A0016736.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP222\A0016737.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP222\A0016738.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP222\A0016741.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016765.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016767.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016768.exe Infected: Trojan-Downloader.Win32.Small.cam
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016769.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016772.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016773.exe Infected: Trojan.Win32.StartPage.aha
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016774.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016775.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016776.dll Infected: not-a-virus:AdWare.Win32.Sud.a
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016791.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016791.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016792.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP223\A0016792.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017003.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017004.exe Infected: Trojan.Win32.Runner.h
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017006.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017006.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017006.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017007.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017007.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017007.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017008.exe Infected: Trojan-Downloader.Win32.VB.na
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017009.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017009.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017009.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017009.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017009.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017009.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017010.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017011.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017011.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017012.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017013.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017014.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017015.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017016.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017017.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017018.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017019.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017020.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017021.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017022.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017023.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.u
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017024.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017025.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017026.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017027.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017028.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017029.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017029.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017030.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017030.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017031.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017032.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017033.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017033.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017033.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017033.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017033.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017037.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017037.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017038.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017039.exe Infected: Backdoor.Win32.Rbot.rc
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017040.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017041.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017042.exe Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\System Volume Information\_restore{A0E9F6FA-A2AB-4533-AC74-B5E7C61C8661}\RP225\A0017043.exe Infected: Trojan-Downloader.Win32.TSUpdate.f

Scan process completed.

bboytmnt · 01-16-2006, 01:14 PM

Well i did need to use the attachment feature for this last log. so thank you for that suggestion. here are a few notes:

*while using HJT i was able to find the qlink32.dll it had "(file missing)" after it.
*when removing programs i didnt recognize the program "DH"
*while deleting files from my C: i found "C:\WINDOWS\DH.ini" instead of "C:\WINDOWS\DH.dll"
*after going through the steps, my pop-ups seemed to have stopped but norton still detects and deletes a trojan every now and again.

thank you soo much for your help!!! also if you have any idea why my AIM keeps disconnecting every 30 min that would be great.

sUBs · 01-16-2006, 02:45 PM

I see SpySweeper on your machine. Is it the trial version which scans but doesnt clean?
If so, please get rid of it. Without the ability to clean, it's just excess baggage.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.

Right click on this & select 'Save As' - DNSManual.bat
Doubleclick on DNSManual.bat & allow it to run.

SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

* * * * * *

Start HJT & goto Config > Misc Tools - Open Uninstall Manager
From the box on the left, select DH & hit the "Delete this entry" button located on the righte

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\Program Files\Common Files\zfif\

C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-1982352d.zip

C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-7e1f6873.zip

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program.
6. Reboot/logoff if prompted.

This would clear the System Volume Information folder
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter

Tick on the checkbox - Turn off System Restore on all drives
Click Apply

Turn it back 'On' by unticking the same checkbox & click OK

Considering the amount of junk we found in the last scan, let's do another online scan from a different vendor.

Perform an online scan with Internet Explorer with Panda ActiveScan

Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on see report. Then click Save report

Post the contents of the report in your next reply along with a new HJT log

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

bboytmnt · 01-18-2006, 10:42 PM

Online scan report:

Incident Status Location

Adware:adware/sqwire Not disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\RJay\Application Data\Sskuknwrd.dll
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat
Adware:adware/adwhere Not disinfected Windows Registry
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007767.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007767.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007768.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007768.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007769.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007769.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007771.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007771.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007775.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007775.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007776.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007776.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007778.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007778.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007779.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007779.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007783.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007783.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007784.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007784.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007785.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007785.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007786.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007786.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00007788.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007788.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007789.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007789.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007790.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007790.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007796.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007796.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009198.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009198.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00009200.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009200.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009202.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009202.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00009209.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009209.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009312.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009312.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009313.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009313.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009315.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009315.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009316.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009316.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009317.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009317.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009324.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009324.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009326.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009326.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009331.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009331.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009334.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009334.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009374.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009374.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009376.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009376.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009459.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009459.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009462.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009462.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00009466.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009466.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00009546.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009546.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009595.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009595.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009596.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009596.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009597.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009597.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00009598.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009598.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009599.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009599.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009768.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009768.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009835.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009835.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\NPROTECT\00009836.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009836.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009837.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009837.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010022.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010022.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010040.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010040.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00010041.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010041.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\NPROTECT\00010074.OLD[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010074.OLD[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\system32\tsuninst.exe

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:36:06 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4057777D-D02F-4C54-A91C-88C4B0077D41}: NameServer = 68.6.16.30,68.6.16.25
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Had no problems following any of the intructions this time and was surprised at the speed of the top 3 programs that i ran.

thanks

bboytmnt · 01-21-2006, 12:55 AM

whoa, i just realized how many times that posted up. what happend was my browser kept giving me an error message and i tried to refresh several times....

sorry about that

sUBs · 01-21-2006, 04:25 AM

Reboot to Safe Mode

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\WINDOWS\SYSTEM32\tsuninst.exe
C:\Documents and Settings\RJay\Application Data\Sskuknwrd.dll
C:\WINDOWS\drsmartload.dat

Then empty the Norton Recycle Bin

Run CleanUp once more & post a fresh log after that

bboytmnt · 01-21-2006, 04:49 PM

I had no problems following your instructions, however i did see a file that you may be interested in. while deleting drsmartload.Dat i found a file called drsmartloadb1.Dat right next to it. Also im not sure if you wanted both a HJT and online scan so here are both:

HJT log
Logfile of HijackThis v1.99.1
Scan saved at 2:47:45 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4057777D-D02F-4C54-A91C-88C4B0077D41}: NameServer = 68.6.16.30,68.6.16.25
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

bboytmnt · 01-21-2006, 04:50 PM

Online Scan:

Incident Status Location

Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartloadb1.dat
Adware:adware/adwhere Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007767.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007767.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007768.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007768.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007769.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007769.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007771.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007771.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007775.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007775.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007776.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007776.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007778.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007778.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007779.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007779.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007783.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007783.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007784.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007784.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007785.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007785.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007786.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007786.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00007788.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007788.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007789.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007789.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007790.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007790.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007796.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007796.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009198.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009198.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00009200.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009200.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009202.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009202.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00009209.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009209.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009312.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009312.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009313.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009313.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009315.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009315.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009316.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009316.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009317.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009317.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009324.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009324.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009326.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009326.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009331.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009331.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009334.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009334.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009374.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009374.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009376.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009376.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009459.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009459.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009462.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009462.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00009466.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009466.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00009546.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009546.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009595.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009595.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009596.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009596.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009597.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009597.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00009598.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009598.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009599.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009599.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009768.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009768.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009835.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009835.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\NPROTECT\00009836.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009836.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009837.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009837.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010022.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010022.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010040.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010040.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00010041.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010041.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\NPROTECT\00010074.OLD[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010074.OLD[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010211.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010219.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010220.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010221.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010222.MOZ[]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00010223.MOZ[]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00010224.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010225.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010226.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010279.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010280.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010281.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010282.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010283.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00010284.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010290.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010294.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010308.MOZ[]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00010333.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010374.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010383.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010384.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010385.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010386.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010387.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010388.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010389.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010390.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010391.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010392.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010393.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010394.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010411.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010412.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010413.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010414.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010514.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010515.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010516.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010517.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010518.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010519.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010520.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010521.MOZ[]
Spyware:Cookie/Bfast Not disinfected C:\RECYCLER\NPROTECT\00010522.MOZ[]
Spyware:Cookie/Bfast Not disinfected C:\RECYCLER\NPROTECT\00010523.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010524.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010525.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010526.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010527.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010528.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010529.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010530.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010531.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010532.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010533.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010534.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010535.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010536.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010537.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010538.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010540.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010541.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010542.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010543.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010544.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010545.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010546.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010547.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010548.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010549.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010550.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010551.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010552.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010553.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010554.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010555.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010556.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010557.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010558.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010559.MOZ[]
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\NPROTECT\00010560.MOZ[]
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\NPROTECT\00010561.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010562.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010563.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010564.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010565.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010566.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010567.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010568.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010569.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010570.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010571.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010572.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010573.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010574.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010575.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010576.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010577.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010578.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010579.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010580.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010581.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010582.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010583.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010584.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010585.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010586.MOZ[]
Spyware:Cookie/Bfast Not disinfected C:\RECYCLER\NPROTECT\00010587.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010588.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010589.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010590.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010591.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010592.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010593.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010594.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010595.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010596.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010597.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010598.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010599.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010600.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010601.MOZ[]
Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00010602.MOZ[]
Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00010603.MOZ[]
Spyware:Cookie/Adserver Not disinfected C:\RECYCLER\NPROTECT\00010604.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010605.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010606.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010607.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010608.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010609.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010610.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010611.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010612.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010613.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010614.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010615.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010616.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010617.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010618.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010634.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010635.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010647.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010648.MOZ[]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00010649.MOZ[]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00010650.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010651.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010652.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00010653.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00010681.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010685.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00010686.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010763.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00011414.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00011416.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00011417.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00011418.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00011431.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00011432.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00011433.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00011435.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00011436.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00011461.OLD[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00011534.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00011535.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00011537.MOZ[]

bboytmnt · 01-21-2006, 04:53 PM

Online Scan:

Incident Status Location

Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartloadb1.dat
Adware:adware/adwhere Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\RJay\Application Data\Mozilla\Firefox\Profiles\plcty815.default\cookies.txt[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007767.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007767.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007768.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007768.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007769.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007769.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007771.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007771.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007775.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007775.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007776.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007776.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007778.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007778.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007779.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007779.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007783.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007783.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007784.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007784.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007785.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007785.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007786.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007786.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00007788.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007788.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007789.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007789.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00007790.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007790.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00007796.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00007796.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009198.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009198.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00009200.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009200.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009202.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009202.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00009209.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009209.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009312.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009312.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009313.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009313.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009315.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009315.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009316.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009316.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009317.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009317.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009324.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009324.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009326.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009326.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009331.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009331.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009334.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009334.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009374.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009374.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009376.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009376.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009459.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009459.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009462.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009462.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00009466.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009466.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00009546.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009546.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00009595.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009595.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009596.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009596.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00009597.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009597.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00009598.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009598.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009599.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009599.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009768.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009768.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00009835.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009835.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\NPROTECT\00009836.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009836.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00009837.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00009837.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010022.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010022.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010040.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010040.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00010041.MOZ[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010041.MOZ[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\NPROTECT\00010074.OLD[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00010074.OLD[dcsmc6ld2bu4fifak8hw6fmna_3u2k]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010211.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010219.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010220.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010221.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010222.MOZ[]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00010223.MOZ[]
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00010224.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010225.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010226.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010279.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010280.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010281.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010282.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010283.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00010284.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010290.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010294.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010308.MOZ[]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00010333.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010374.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010383.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010384.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010385.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010386.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010387.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010388.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010389.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010390.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010391.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010392.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010393.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010394.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010411.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010412.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010413.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010414.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00010514.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010515.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010516.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010517.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010518.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010519.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010520.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010521.MOZ[]
Spyware:Cookie/Bfast Not disinfected C:\RECYCLER\NPROTECT\00010522.MOZ[]
Spyware:Cookie/Bfast Not disinfected C:\RECYCLER\NPROTECT\00010523.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010524.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010525.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010526.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010527.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010528.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010529.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010530.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010531.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010532.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010533.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010534.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010535.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010536.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010537.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010538.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010540.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010541.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010542.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010543.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010544.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010545.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010546.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010547.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010548.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010549.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010550.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010551.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010552.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010553.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010554.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010555.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010556.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010557.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010558.MOZ[]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00010559.MOZ[]
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\NPROTECT\00010560.MOZ[]
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\NPROTECT\00010561.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010562.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010563.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010564.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010565.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010566.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010567.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010568.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010569.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010570.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010571.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010572.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010573.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010574.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010575.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010576.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010577.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010578.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010579.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010580.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010581.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010582.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010583.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010584.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010585.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010586.MOZ[]
Spyware:Cookie/Bfast Not disinfected C:\RECYCLER\NPROTECT\00010587.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010588.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010589.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010590.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010591.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010592.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010593.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010594.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010595.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010596.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010597.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010598.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010599.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010600.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010601.MOZ[]
Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00010602.MOZ[]
Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\NPROTECT\00010603.MOZ[]
Spyware:Cookie/Adserver Not disinfected C:\RECYCLER\NPROTECT\00010604.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010605.MOZ[]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00010606.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010607.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010608.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010609.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00010610.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010611.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010612.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010613.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010614.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010615.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010616.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010617.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010618.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00010634.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010635.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010647.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010648.MOZ[]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00010649.MOZ[]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00010650.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010651.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010652.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00010653.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00010681.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010685.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00010686.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00010763.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00011414.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00011416.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00011417.MOZ[]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00011418.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00011431.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00011432.MOZ[]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\NPROTECT\00011433.MOZ[]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00011435.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00011436.MOZ[]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00011461.OLD[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00011534.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00011535.MOZ[]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00011537.MOZ[]

sUBs · 01-21-2006, 04:54 PM

Quote:

i found a file called drsmartloadb1.Dat right next to it.

It's just a left over file from the infection. Without a reg entry to trigger it, it's plain harmless. Please delete it.

Your system is clean. Kindly follow these simple steps in order to keep your computer clean and secure:

CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
- Tick on the checkbox - Turn off System Restore on all drives
- Click Apply
Turn it back 'On' by unticking the same checkbox & click OK
DISABLE THE VIEWING OF SYSTEM FILES
From Windows Explorer, go to Tools>Folder Options> View tab.
- Untick - Show hidden files and folder
- Tick - Hide file extensions for known types
- Tick - Hide protected operating system files
Click Yes to confirm & then click OK
SECURING INTERNET EXPLORER
From within Internet Explorer click on the Tools menu and then click on Internet Options.
- Select the Security tab
  - Click once on the Internet icon so it becomes highlighted.
  - Select Custom Level .
    - Change 'Download signed ActiveX controls' to Prompt
    - Change 'Download unsigned ActiveX controls' to Disable
    - Change 'Initialize and script ActiveX controls not marked as safe' to Disable
    - Change 'Installation of desktop items' to Prompt
    - Change 'Launching programs and files in an IFRAME' to Prompt
    - Change 'Navigate sub-frames across different domains' to Prompt
    - When all these changes have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Select OK to exit the Internet Properties page.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
FIREWALL
Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.
Microsoft Windows Update
Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
Google Toolbar - Get the free google toolbar to help stop pop up windows.
CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
Winpatrol - Download and install the free version of Winpatrol.
A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

sUBs · 01-21-2006, 04:55 PM

Have we not emptied Norton's Recycle Bin?

bboytmnt · 01-21-2006, 05:01 PM

whoa, quick reply!!! anyhow i did empty the norton recycle bin by right clicking and clicking empty, but now i assume that that isnt the way to do it? everytime i double click the bin, it takes me to a recovery screen....

btw do you still need that online scan?

thanks so much!!!

sUBs · 01-21-2006, 05:05 PM

No need for the extra scan. Please reboot to Safe to delete the contents of this folder, leaving it empty:

C:\RECYCLER\NPROTECT\

Let me know how that went

bboytmnt · 01-23-2006, 09:21 PM

i had no problems deleting the contents. thanks soo much for your help!!!

01-11-2006, 04:45 AM	#1 (permalink)
bboytmnt Registered User Join Date: Jan 2006 Posts: 12 OS: xp	unstoppable pop-ups and unders did everything i could... i have not had this problem in a very very long time. i use spysweeper and norton and have been free of this kind of problem for a year until i took my notebook out of town... i have been getting pop-ups from partypoker, hostreview, ad.yieldmanager, etc... i spyswept, antivirused, and registry cleaned but i cant stop my problem. help please... here is my log: Logfile of HijackThis v1.99.1 Scan saved at 3:41:09 AM, on 1/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\RegSrvc.exe C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\wwSecure.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\1XConfig.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe C:\WINDOWS\newfrn.exe C:\Program Files\AIM\aim.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE C:\Program Files\BitComet\BitComet.exe C:\Program Files\Registry Mechanic\RegMech.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "RJay" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{4057777D-D02F-4C54-A91C-88C4B0077D41}: NameServer = 68.6.16.30,68.6.16.25 O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe thanks

01-12-2006, 05:24 AM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. * * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * * Download & install CleanUp.exe (not recommended for WinXP64) Download and install Ewido Security Suite When installing, under "Additional Options", uncheck - Install background guard Have Ewido update itself & then exit the program. If you are having problems with the updater, you can use this link to manually update Ewido 'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downlaoding. It is IMPORTANT that you don't miss a step & perform everything in the correct order. Please disable Webroot SpySweeper, as it hinders the removal of some entries. You can re-enable it after you're clean. To disable Webroot SpySweeper: Go to the Options>Program Options Uncheck Load at Windows Startup Click Shields & uncheck all items there Uncheck Home page shield. Automaticly restore default without notification * * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * * Do a HijackThis scan & place a check next to these items and select "Fix checked": R3 - Default URLSearchHook is missing O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll * * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * * 1. Restart your computer 2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3. Instead of Windows loading as normal, a menu should appear 4. Select the option to run Windows in Safe Mode. * * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * * Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs: Hyperlinker / QL Please note any other programs that you dont recognize in that list in your next response * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * * If you have not done so already, please enable the viewing of Hidden files From Windows Explorer, go to Tools -> Folder Options -> View tab. Tick - 'Show hidden files and folder' Untick - 'Hide file extensions for known types' Untick - 'Hide protected operating system files' Click Yes to confirm & then click OK Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\WINDOWS\newfrn.exe C:\Program Files\QL\ C:\WINDOWS\DH.dll * * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * * Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider initially to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. 6. Do NOT reboot/logoff if prompted. * CleanUp! will not create any backups!! * * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * * Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option: "Perform action on all infections" .Choose clean and click OK. Once finished, click the Save report button & save the report to your desktop ** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete. * * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * * Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan * * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * * In your next post, please include fresh logs from: HiJackThis log Online Scan Ewido Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today?

01-14-2006, 10:32 PM	#4 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Ermmm...what happened to the other logs? __________________ Question - what have you done for the community today?

01-16-2006, 06:09 AM	#6 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Try placing it as an attachment instead. __________________ Question - what have you done for the community today?

01-16-2006, 02:45 PM	#9 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	I see SpySweeper on your machine. Is it the trial version which scans but doesnt clean? If so, please get rid of it. Without the ability to clean, it's just excess baggage. * * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * * Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards. Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run. Right click on this & select 'Save As' - DNSManual.bat Doubleclick on DNSManual.bat & allow it to run. SpywareBlaster 3.5.1 Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain * * * * * * Start HJT & goto Config > Misc Tools - Open Uninstall Manager From the box on the left, select DH & hit the "Delete this entry" button located on the righte * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * * Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\Program Files\Common Files\zfif\ C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-1982352d.zip C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-7e1f6873.zip * * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * * Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider initially to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. 6. Reboot/logoff if prompted. This would clear the System Volume Information folder Go to Start >> Run - type control sysdm.cpl,,4 & press Enter Tick on the checkbox - Turn off System Restore on all drives Click Apply Turn it back 'On' by unticking the same checkbox & click OK Considering the amount of junk we found in the last scan, let's do another online scan from a different vendor. Perform an online scan with Internet Explorer with Panda ActiveScan Click Scan your PC & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Click Scan Now* Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on see report. Then click Save report Post the contents of the report in your next reply along with a new HJT log You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. Turn off the real time scanner of any existing antivirus program while performing the online scan __________________ Question - what have you done for the community today?

01-14-2006, 08:50 PM	#3 (permalink)
bboytmnt Registered User Join Date: Jan 2006 Posts: 12 OS: xp	Thank you very much for your reply, i almost gave up. due to my lack of time (work) i havent been able to post a reply. also when i tried to post my reply yesterday, it lagged and told me that i execed the number of characters allowed. so, ill be dividing this post into part. here are my logs: HJT: Logfile of HijackThis v1.99.1 Scan saved at 7:49:48 PM, on 1/14/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\RegSrvc.exe C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wwSecure.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\1XConfig.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe C:\Program Files\AIM\aim.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4057777D-D02F-4C54-A91C-88C4B0077D41}: NameServer = 68.6.16.30,68.6.16.25 O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

01-16-2006, 03:31 AM	#5 (permalink)
bboytmnt Registered User Join Date: Jan 2006 Posts: 12 OS: xp	im really sorry about that, the online scan seems to be extremely big on its own. trying to divide it was such a huge hassel that i didnt have much time for. anyhow while looking at the log i noticed that most of it was the "quaratine" files from norton so i just deleted those files in the norton program and will be running a new scan with kaspersky... sorry for the delay and i appreciate your patience with me.

01-21-2006, 12:55 AM	#11 (permalink)
bboytmnt Registered User Join Date: Jan 2006 Posts: 12 OS: xp	whoa, i just realized how many times that posted up. what happend was my browser kept giving me an error message and i tried to refresh several times.... sorry about that

01-21-2006, 04:25 AM	#12 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Reboot to Safe Mode Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\WINDOWS\SYSTEM32\tsuninst.exe C:\Documents and Settings\RJay\Application Data\Sskuknwrd.dll C:\WINDOWS\drsmartload.dat Then empty the Norton Recycle Bin Run CleanUp once more & post a fresh log after that __________________ Question - what have you done for the community today?

01-21-2006, 04:49 PM	#13 (permalink)
bboytmnt Registered User Join Date: Jan 2006 Posts: 12 OS: xp	I had no problems following your instructions, however i did see a file that you may be interested in. while deleting drsmartload.Dat i found a file called drsmartloadb1.Dat right next to it. Also im not sure if you wanted both a HJT and online scan so here are both: HJT log Logfile of HijackThis v1.99.1 Scan saved at 2:47:45 PM, on 1/21/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\RegSrvc.exe C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wwSecure.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\System32\1XConfig.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe C:\WINDOWS\system32\lexpps.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM\aim.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE C:\HJT\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4057777D-D02F-4C54-A91C-88C4B0077D41}: NameServer = 68.6.16.30,68.6.16.25 O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

01-21-2006, 04:55 PM	#17 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Have we not emptied Norton's Recycle Bin? __________________ Question - what have you done for the community today?

01-21-2006, 05:01 PM	#18 (permalink)
bboytmnt Registered User Join Date: Jan 2006 Posts: 12 OS: xp	whoa, quick reply!!! anyhow i did empty the norton recycle bin by right clicking and clicking empty, but now i assume that that isnt the way to do it? everytime i double click the bin, it takes me to a recovery screen.... btw do you still need that online scan? thanks so much!!!

01-21-2006, 05:05 PM	#19 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	No need for the extra scan. Please reboot to Safe to delete the contents of this folder, leaving it empty: C:\RECYCLER\NPROTECT\ Let me know how that went __________________ Question - what have you done for the community today?

01-23-2006, 09:21 PM	#20 (permalink)
bboytmnt Registered User Join Date: Jan 2006 Posts: 12 OS: xp	i had no problems deleting the contents. thanks soo much for your help!!!