Please help! I've tried [almost] everything!

jrobin · 04-18-2006, 02:15 PM

Hi! Tried over and over, Antivirus (boot scan) nothing...Ad-Aware, nothing....
bottom line is, icons in my notification area not showing up (although the apps seem to be running. Another side effect is that if I type an address into IE address field and hit ENTER or the ->GO button nothing happens (the MS logo in the top right will move bot no action)...I need to use the pull down, go to google, and type the url there (nice). I have been able to use system restore to get back to a state where things look ok, but no matter what I try from that point (AV, Ad-Aware, Spybot S&D, ect), when I reboot its back to this scary state...here is the log, any ideas?
Logfile of HijackThis v1.99.1
Scan saved at 4:02:53 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\SYSTEM32\NTPTIME.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\verclsid.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\verclsid.exe
C:\Documents and Settings\Jenifer\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldwinner.com/games/...m/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47...t/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49...k/bjattack.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121359716830
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://www.worldwinner.com/games/v46...an/tracman.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) - http://moneycentral.msn.com/cabs/ticker.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45...s/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51...ol/h2hpool.cab
O18 - Protocol: bw+0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NTPTime - Unknown owner - C:\WINDOWS\SYSTEM32\NTPTIME.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks!!

**Glaswegian** · 04-18-2006, 03:44 PM

Hi and welcome to TSF.

There's nothing major jumping out at me, but I notice you have HP Share-to-Web and the latest MS update. Firstly go here

http://support.microsoft.com/default.aspx/kb/918165

and follow the instructions, then post back and let me know how your system is performing.

I'll then provide some instructions for doing a general clean up.

jrobin · 04-18-2006, 04:48 PM

Tried that fix, didn't work BUT - now I have the little arrow in the notification area, only I can see just 4 total icons (again, the other services/programs seem to be running, but are not there). Avast AV, Sygate FW, "HP Photosmart" status and "Picture Package menu" - I would uninstall all the HP stuff if someone thinks that would help...

**Glaswegian** · 04-18-2006, 04:57 PM

Hi again

OK, as I said there's nothing major jumping out at me, but let's clean up and see if there's anything hiding.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below.

MSconfig Enabled
I see you have msconfig enabled. This may prevent us from seeing everything running on your system. Please re-enable all startup items.

Go to Start > Run type msconfig and press Enter.

Select Normal Startup - Load all Device Drivers and Services

Press the 'Exit without restarting' button - we will reboot later.

Disable SpyBot Tea Timer
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

Disable Microsoft Antispyware/Defender
Please disable Microsoft AntiSpyware, as it may hinder the removal of some entries. You can re-enable it after you're clean.

Right-click on the Microsoft Anti-Spyware icon in the system tray [it's the one with the red and yellow bulls-eye].
Click on "Security Agents Status".
Click on "Disable real-time protection".
Next right-click on the Microsoft Anti-Spyware icon in the system tray again to open Microsoft Anti-Spyware.
Click on the Options menu and choose Settings. In the left pane column click on "Real Time Protection".
Under Startup Options, uncheck "Enable (MSAS) Security Agents on startup (recommended)"
Under Real-time spyware threat protection, uncheck "Enable real-time spyware threat protection" (recommended).
Click the Save button and close Microsoft AntiSpyware.
Finally, right-click on the MSAS icon in the system tray and select "Shutdown Microsoft Antispyware".

Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.

Download Ewido Anti-Malware

Install Ewido Anti-Malware
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
When you have finished updating, EXIT Ewido.

Run CleanUp!
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!
Check the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users

Uncheck the following :

Scan local drives for temporary files

Click OK, Press the CleanUp! button to start the program and reboot when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these BEFORE running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.

Reboot
Reboot your system in Safe Mode.

Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.

HijackThis Entries
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe

Leave only the first Logitech entry and fix all others like this
O18 - Protocol: bwg0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Please remember to close all other windows, including browsers then click Fix checked.

Run Ewido
Run Ewido with it's updated definitions (...it's important that all windows must be closed)

Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with Ewido it is finding cases of false positives.
You will need to step through the process of cleaning files one-by-one.
If Ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
When the scan is finished, click the Save Report button at the bottom of the screen.
Save the report to your desktop

Close Ewido

NOTE: Ewido scan will require at least an hour.

Reboot
Reboot your system in Normal Mode.

Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner.

1. Click Check Now and a "pop up" window will appear. *Please ensure that your pop up blocker doesn't block it *
2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

Click on See report then click Save report

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

Logs required
Ewido Log
Panda Log
HijackThis Log

Please also let me know how your system is performing now and if you have any specific problems.

jrobin · 04-18-2006, 05:11 PM

I can't right click on Tea Timer or Antispyware because...the icons aren't there, thats the problem...I'll see if I can go into the progs and do the same thing

jrobin · 04-18-2006, 09:18 PM

Thank you very much for your time. It looks like there may be some kind of progress.
I noticed when CleanUp! was run, after it asked me to log off and log back on, the problem was resolved (temporarily). I know I owe you some logs, I'll include those at the bottom. The Panda is hanging right now and I'm pretty sure it was because the Avast Antivirus had a problem with it, I may need to re-run after I figure out how to re-install the ActiveX control. I can't even close the windopw now, but it sounds like its scanning...

First allow me to list what Cleanup lists as deleted (or pending deletion) while the machine is screwed up (before the log-off) - followed by a list of what it shows on a "cleanup" when the machine seems to be in perfect working order...

While not running properly:
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\YSLSYI3H\voice_on[1].gif - deleted
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\YSLSYI3H\webmail_signin_sky;!category=secure;sz=120x600;ptile=2;ord=-1489125253[1].htm - deleted
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\YSLSYI3H\what_over[1].gif - deleted
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
http://www.cnn.com/.element/ssi/www/...kingNewsBanner - deleted
http://my.eimg.net/img/channels/www/header_arrow.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ac.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr.wd.tech.gif - deleted
http://my.eimg.net/img/channels/www/header_back.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/logo_cnn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/pz.gif - deleted
http://w.eimg.net/i/newNav/cart_on.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ac_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...nav_emails.gif - deleted
http://my.eimg.net/img/channels/www/footer_back.gif - deleted
http://w.eimg.net/i/newNav/wireless_off.gif - deleted
http://w.eimg.net/i/newNav/wireless_on.gif - deleted
https://webmail.pas.earthlink.net/wa...ink/search.gif - deleted
https://ad.doubleclick.net/639995/frust_man_EL_120x600.swf?clickTag=https://ad.doubleclick.net/click%3Bh=v5|33cc|3|0|%2a|e%3B29755471%3B0-0%3B0%3B12697905%3B933-120|600%3B15710166|15728061|1%3B%3B%7Esscs%3D%3fhttp%3A//www.earthlinkcybercheck.net - deleted
http://w.eimg.net/i/newNav/home_off.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../advlinks1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../live_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/hdr_line.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._watch_vid.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.sponsors.gif - deleted
https://webmail.pas.earthlink.net/wam/js/login.js - deleted
https://webmail.pas.earthlink.net/wa.../login/ebp.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...quote_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...biz/tab_bg.gif - deleted
http://w.eimg.net/i/newNav/cart_off.gif - deleted
https://webmail.pas.earthlink.net/wa...der2-right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../hdr_yahoo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...cnn_bg_red.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n_hor.dash.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.business.gif - deleted
http://www.earthlink.net/ - deleted
http://w.eimg.net/i/newNav/mcenter_on.gif - deleted
http://w.eimg.net/i/nav/earthlink_logo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/tab_left.gif - deleted
http://w.eimg.net/i/newNav/softools_on.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/css/1.5/main.css - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/main.js - deleted
http://www.cnn.com/.element/ssi/www/...SponsoredLinks - deleted
http://i.a.cnn.net/cnn/.element/img/...in/lt_grey.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...op_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._bg_orange.gif - deleted
http://www.earthlink.net/scripts/so.js - deleted
http://i.a.cnn.net/cnn/video/us/2006....prices.fp.jpg - deleted
http://www.earthlink.net/scripts/s_code_remote.js - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/omniture.js - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...vernursing.com - deleted
http://i.a.cnn.net/cnn/.element/img/...tner_money.gif - deleted
http://cnn.dyn.cnn.com/cookie.crumb - deleted
http://i.a.cnn.net/cnn/.element/img/...stpop_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...iz/hdr_end.gif - deleted
http://i.cnn.net/cnn/.element/img/1....z/hdr_line.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...adient_334.gif - deleted
http://i.a.cnn.net/cnn/2006/US/04/10...pizza.love.jpg - deleted
http://www.earthlink.net/scripts/common.js - deleted
http://ar.atwola.com/file/adsWrapper.js - deleted
http://i.cnn.net/cnn/.element/img/1..../tab_right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ld.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...ity.306x60.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...hedule_btn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eft_corner.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ne_mod_hdr.jpg - deleted
https://ad.doubleclick.net/879366/DartRichMedia_1_03.js - deleted
https://webmail.pas.earthlink.net/wa.../login/icw.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/s_code.js - deleted
http://my.eimg.net/img/channels/www/header_right.gif - deleted
http://w.eimg.net/i/newNav/voice_off.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../btm_cwire.gif - deleted
http://i.cnn.net/cnn/.element/img/1....z/tab_left.gif - deleted
http://i.cnn.net/cnn/.element/img/1....te_blue_wt.gif - deleted
https://ad.doubleclick.net/adi/webma...d=-1489125253? - deleted
http://i.a.cnn.net/cnn/.element/img/...ories_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hdr.wd.law.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.3/main/novell.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/pz_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...sched_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._line_edge.gif - deleted
https://webmail.pas.earthlink.net/wa.../bg2-whole.gif - deleted
http://i.cnn.net/cnn/.element/img/1....ine_ltblue.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...bottom.334.gif - deleted
http://w.eimg.net/i/newNav/net_on.gif - deleted
https://webmail.pas.earthlink.net/wa...ooter-left.gif - deleted
https://webmail.pas.earthlink.net/wa...oter-right.gif - deleted
https://webmail.pas.earthlink.net/wa...ader2-left.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...atest_news.gif - deleted
http://i.cnn.net/cnn/.element/img/1....iz/hdr_end.gif - deleted
http://www.cnn.com/SPECIALS/2005/onl...ages/tz.02.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...con.wd.xml.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/am.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/cnn_wire.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ve_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ine_footer.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n.vert.div.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../cl/cl_bar.gif - deleted
http://cnn.dyn.cnn.com/1.gif?1145413368228 - deleted
http://i.a.cnn.net/cnn/.element/ssi/...lash_detect.js - deleted
http://i.a.cnn.net/cnn/.element/img/...rtical.dot.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....pipe.gray.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../what_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../biz/quote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ne_hdr_end.gif - deleted
http://i.a.cnn.net/cnn/2006/images/02/27/tz.gupta.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.travel.gif - deleted
http://www.earthlink.net/scripts/common.css - deleted
http://my.eimg.net/img/channels/www/button.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../bestvideo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...nly_on_cnn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....quickvote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr_the_web.gif - deleted
http://servedby.advertising.com/site.../bins=1/optn=1 - deleted
http://i.a.cnn.net/cnn/.element/img/...partner_si.gif - deleted
http://my.earthlink.net/scripts/track.js - deleted
http://i.a.cnn.net/cnn/.element/img/...iz/markets.gif - deleted
http://i.cnn.net/cnn/images/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ng.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../tab_right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/arrow.up.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...partner_ew.gif - deleted
http://w.eimg.net/i/newNav/voice_on.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/css/1.3/common.css - deleted
http://i.cnn.net/cnn/.element/img/1....ine_dkblue.gif - deleted
http://i.a.cnn.net/cnn/images/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...icon_video.gif - deleted
http://my.eimg.net/img/weather/31/33.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...av_cnntogo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/tv/ac360.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/....rt.corner.gif - deleted
http://ar.atwola.com/file/adsEnd.js - deleted
http://i.a.cnn.net/cnn/.element/img/...biz/hdr_bg.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da.../232517rgb.gif - deleted
https://webmail.pas.earthlink.net/wa...k/bg-whole.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ive_screen.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...fb.top.334.gif - deleted
http://w.eimg.net/i/newNav/home_on.gif - deleted
https://webmail.pas.earthlink.net/wa...ader-right.gif - deleted
http://w.eimg.net/i/newNav/mcenter_off.gif - deleted
http://w.eimg.net/i/nav/btn_search.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ket_update.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/am_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.sports.gif - deleted
https://webmail.pas.earthlink.net/wa.../truevoice.gif - deleted
http://i.cnn.net/cnn/.element/img/1....iz/markets.gif - deleted
http://www.cnn.com/interactive/us/06...katrina/tz.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.5/ceiling/ccc.gif - deleted
http://gdyn.cnn.com/1.1/1.gif?1145413368228 - deleted
http://my.eimg.net/img/channels/www/footer_right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hows/sched.gif - deleted
http://my.eimg.net/img/channels/www/expedia_www.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ld_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ideo/minus.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...asts_radio.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...sts_rt_end.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.weather.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...v/time_tab.gif - deleted
http://i.a.cnn.net/cnn/1.gif - deleted
http://www.earthlink.net/scripts/nav_sub.js - deleted
https://webmail.pas.earthlink.net/wam/js/domains.js - deleted
https://webmail.pas.earthlink.net/wa...ton-signin.gif - deleted
http://servedby.advertising.com/site...=805943/optn=1 - deleted
http://i.a.cnn.net/cnn/.element/img/...ts_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/sr_over.gif - deleted
http://i.cnn.net/cnn/.element/img/1....finances_1.gif - deleted
https://webmail.pas.earthlink.net/wa.../elnk_logo.gif - deleted
https://webmail.pas.earthlink.net/wa...ink/google.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...s/lkl_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...rtner_time.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ght_corner.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...fb.generic.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.politics.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....education.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...3512120x90.gif - deleted
http://www.cnn.com/ - deleted
http://i.a.cnn.net/cnn/.element/img/...bs/mostpop.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...v_podcasts.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._bg_bottom.gif - deleted
http://w.eimg.net/i/newNav/net_off.gif - deleted
http://i.cnn.net/cnn/.element/img/1....49/stream1.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...gray.arrow.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...016logo.cb.gif - deleted
https://webmail.pas.earthlink.net/wa...link/style.css - deleted
http://i.a.cnn.net/cnn/.element/img/...on.offsite.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.science.gif - deleted
http://cl.cnn.com/ctxtlink/jsp/cnn/c...txt&origin=cnn - deleted
http://w.eimg.net/i/nav/new_google_logo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr_cnn_com.gif - deleted
http://i.cnn.net/cnn/.element/img/1...._bigcharts.gif - deleted
http://cl.cnn.com/ctxtlink/jsp/cnn/c...stings_default - deleted
http://my.eimg.net/img/channels/www/footer_left.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../shows/lkl.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...in/tv/10pm.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/...ainVideoMod.js - deleted
http://i.a.cnn.net/cnn/.element/img/...topstories.gif - deleted
http://i.a.cnn.net/cnn/cnn_adspaces/cnn_adspaces.js - deleted
http://i.a.cnn.net/cnn/.element/img/...in/hdr_end.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ove_Beyond.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../tabs/what.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ng/nav_rss.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ine_dkblue.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ertisement.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...llet.round.gif - deleted
http://i.cnn.net/cnn/.element/img/1.4/main/biz/ddd.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.us.home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/sr.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hdr_search.gif - deleted
https://webmail.pas.earthlink.net/wa...eader-left.gif - deleted
http://i.a.cnn.net/cnn/2006/images/0...newyork.ap.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...abs/hdr_bg.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eo_blue_wt.gif - deleted
http://cnn.dyn.cnn.com/weatherBox.ht...=1145413367368 - deleted
http://i.a.cnn.net/cnn/.element/img/...ft_end_red.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.health.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._vert.dash.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/hdr_bg_2.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...video/plus.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...pe_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...con.wd.pod.gif - deleted
http://my.eimg.net/img/channels/www/header_left.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ng_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...rkets_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._separator.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...es_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...world.home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...r_partners.gif - deleted
http://i.a.cnn.net/cnn/2006/images/0...ord_shelby.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/.../tabs/live.gif - deleted
http://i.a.cnn.net/cnn/video/health/...18/face.fp.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...this_white.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...review_btn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.3/floor/dots.gif - deleted
http://my.eimg.net/img/channels/www/techshopPromo.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...eildivider.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ertainment.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...video_over.gif - deleted
http://m.doubleclick.net/dot.gif - deleted
http://w.eimg.net/i/newNav/biz_on.gif - deleted
http://w.eimg.net//i/newNav/cart_off.gif - deleted
https://webmail.pas.earthlink.net/wa.../navbar_bg.gif - deleted
http://my.eimg.net/img/channels/www/as_back.gif - deleted
http://w.eimg.net/i/newNav/biz_off.gif - deleted
https://secure.leadback.advertising....tq=1063=350892 - deleted
http://my.eimg.net/img/channels/www/weather.gif - deleted
https://webmail.pas.earthlink.net/wa...-footer-bg.gif - deleted
http://w.eimg.net/i/newNav/softools_off.gif - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\MSHist012006041820060419\index.dat - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\MSHist012006041820060419\ - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Jenifer@http://www.cnn.com - deleted
Visited: Jenifer@http://webmail.earthlink.net - deleted
Visited: Jenifer@https://webmail.pas.earthlin...am%2Findex.jsp&x=-940270454 - deleted
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\jenifer@2o7[2].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@ads.cnn[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@cnn.122.2o7[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@cnn[2].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@earthlink[2].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@edge.ru4[1].txt - deleted
Cookie:jenifer@ads.cnn.com/ - deleted
Cookie:jenifer@edge.ru4.com/ - deleted
Cookie:jenifer@cnn.122.2o7.net/ - deleted
Cookie:jenifer@2o7.net/ - deleted
Cookie:jenifer@cnn.com/ - deleted
Cookie:jenifer@earthlink.net/ - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\HPH1.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\HPH3.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DF2FB4.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DF8B54.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\_avast4_\ - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DF2FB4.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\JET1E9F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\Perflib_Perfdata_dc.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\_avast4_\Webshlock.txt currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temp\~DF2FB4.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf - deleted
C:\WINDOWS\Prefetch\ASHMAISV.EXE-12E27032.pf - deleted
C:\WINDOWS\Prefetch\ASHWEBSV.EXE-0548EF0A.pf - deleted
C:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-1B0F5664.pf - deleted
C:\WINDOWS\Prefetch\DRGTODSC.EXE-2EA93301.pf - deleted
C:\WINDOWS\Prefetch\ENGUTIL.EXE-12902716.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf - deleted
C:\WINDOWS\Prefetch\HPGS2WND.EXE-06AC8C27.pf - deleted
C:\WINDOWS\Prefetch\HPGS2WNF.EXE-0E86C34B.pf - deleted
C:\WINDOWS\Prefetch\HPHIPM11.EXE-25D93894.pf - deleted
C:\WINDOWS\Prefetch\HVIDEOS2.EXE-14D68569.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\ITOUCH.EXE-0DDF2B56.pf - deleted
C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MSPMSPSV.EXE-159858D5.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\NTPTIME.EXE-26343316.pf - deleted
C:\WINDOWS\Prefetch\RESIDENCE.EXE-2ACE91B5.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf - deleted
C:\WINDOWS\Prefetch\RXMON.EXE-06BF68E3.pf - deleted
C:\WINDOWS\Prefetch\SETUP.OVR-154CE291.pf - deleted
C:\WINDOWS\Prefetch\SMC.EXE-2CDB6670.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted
C:\WINDOWS\Prefetch\SYMLCSVC.EXE-0DE3B05C.pf - deleted
C:\WINDOWS\Prefetch\SYMWSC.EXE-321AAE19.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\WDFMGR.EXE-2CF4013B.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\WZQKPICK.EXE-350A392A.pf - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 2.7 MB of disk space from 541 files.
CleanUp! finished on 04/18/06 22:23:16.
________________________________________________________________

While running properly (it seems :)
CleanUp! started on 04/18/06 22:32:01.
...
http://i.a.cnn.net/cnn/.element/img/.../advlinks1.gif - deleted
http://cl.cnn.com/ctxtlink/jsp/cnn/c...stings_default - deleted
http://castlecops.com/modules/Forums...ini_groups.gif - deleted
http://castlecops.com/modules/Forums...n_minipost.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../live_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/hdr_line.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._watch_vid.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.sponsors.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...quote_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...biz/tab_bg.gif - deleted
http://www.google.com/logos/Logo_25wht.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/sl.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../hdr_yahoo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...cnn_bg_red.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n_hor.dash.gif - deleted
http://cnn.dyn.cnn.com/weatherBox.ht...=1145413487634 - deleted
http://i.a.cnn.net/cnn/.element/img/...d.business.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/ur.gif - deleted
http://www.file.net/img/spyrate0.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/tab_left.gif - deleted
http://castlecops.com/modules/Forums...ni_message.gif - deleted
http://castlecops.com/modules/Forums...mini_login.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/lr.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/css/1.5/main.css - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/main.js - deleted
http://www.cnn.com/.element/ssi/www/...SponsoredLinks - deleted
http://castlecops.com/themes/Cops_10...ks/blocktr.gif - deleted
http://castlecops.com/modules/Forums...s/chevron2.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...in/lt_grey.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...op_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._bg_orange.gif - deleted
http://www.google.com/nav_current.gif - deleted
http://castlecops.com/themes/Cops_10...ocks/mback.gif - deleted
http://pagead2.googlesyndication.com...=3&u_java=true - deleted
http://www.file.net/img/spyrate5.gif - deleted
http://i.a.cnn.net/cnn/video/us/2006....prices.fp.jpg - deleted
http://www.neuber.com/taskmanager/process/nospy.css - deleted
http://www.file.net/img/spyrate2.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/omniture.js - deleted
http://castlecops.com/zx/seafsee/1asp030.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...vernursing.com - deleted
http://i.a.cnn.net/cnn/.element/img/...tner_money.gif - deleted
http://cnn.dyn.cnn.com/cookie.crumb - deleted
http://i.a.cnn.net/cnn/.element/img/...stpop_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...iz/hdr_end.gif - deleted
http://i.cnn.net/cnn/.element/img/1....z/hdr_line.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...adient_334.gif - deleted
http://i.a.cnn.net/cnn/2006/US/04/10...pizza.love.jpg - deleted
http://www.google.com/images/t4_en.gif - deleted
http://www.file.net/img/bgverlauf.jpg - deleted
http://ar.atwola.com/file/adsWrapper.js - deleted
http://i.cnn.net/cnn/.element/img/1..../tab_right.gif - deleted
http://castlecops.com/themes/Cops_1024/style/style.css - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ld.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...ity.306x60.jpg - deleted
http://servedby.advertising.com/site...8120472/optn=1 - deleted
http://i.a.cnn.net/cnn/.element/img/...hedule_btn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eft_corner.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ne_mod_hdr.jpg - deleted
http://castlecops.com/modules/Forums...lish/reply.gif - deleted
http://www.neuber.com/img/spyrate2.gif - deleted
http://www.neuber.com/img/1spychecker.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/js/1.3/s_code.js - deleted
http://i.a.cnn.net/cnn/.element/img/.../btm_cwire.gif - deleted
http://i.cnn.net/cnn/.element/img/1....z/tab_left.gif - deleted
http://i.cnn.net/cnn/.element/img/1....te_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ories_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hdr.wd.law.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.3/main/novell.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/ll.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/pz_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...sched_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._line_edge.gif - deleted
http://castlecops.com/modules/Forums.../icon_msnm.gif - deleted
http://www.neuber.com/img/spyrate4.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...ace_120x90.gif - deleted
http://castlecops.com/themes/Cops_10...s/blockbot.gif - deleted
http://castlecops.com/modules/Forums...on_profile.gif - deleted
http://www.neuber.com/img/spyrate0.gif - deleted
http://www.neuber.com/img/6tonline.gif - deleted
http://i.cnn.net/cnn/.element/img/1....ine_ltblue.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...bottom.334.gif - deleted
http://www.google.com/nav_first.gif - deleted
http://pagead2.googlesyndication.com...=3&u_java=true - deleted
http://i.a.cnn.net/cnn/.element/img/...atest_news.gif - deleted
http://i.cnn.net/cnn/.element/img/1....iz/hdr_end.gif - deleted
http://www.cnn.com/SPECIALS/2005/onl...ages/tz.02.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...con.wd.xml.gif - deleted
http://www.google.com/intl/en/images/logo.gif - deleted
http://castlecops.com/modules/Forums...s/cellpic3.gif - deleted
http://castlecops.com/modules/Forums...tars/blank.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/am.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/cnn_wire.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ve_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ine_footer.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n.vert.div.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../cl/cl_bar.gif - deleted
http://i.a.cnn.net/cnn/.element/ssi/...lash_detect.js - deleted
http://i.a.cnn.net/cnn/.element/img/...rtical.dot.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....pipe.gray.gif - deleted
http://pagead2.googlesyndication.com...=3&u_java=true - deleted
http://castlecops.com/themes/Cops_10...footer/top.gif - deleted
http://www.file.net/img/spyrate3.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../what_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../biz/quote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ne_hdr_end.gif - deleted
http://i.a.cnn.net/cnn/2006/images/02/27/tz.gupta.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.travel.gif - deleted
http://castlecops.com/modules/Forums.../premium25.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../bestvideo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...nly_on_cnn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....quickvote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr_the_web.gif - deleted
http://servedby.advertising.com/site.../bins=1/optn=1 - deleted
http://i.a.cnn.net/cnn/.element/img/...partner_si.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...iz/markets.gif - deleted
http://i.cnn.net/cnn/images/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/ng.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../tab_right.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...z/arrow.up.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...partner_ew.gif - deleted
http://www.google.com/search?hl=en&q=IadHide5.dll+ - deleted
http://i.a.cnn.net/cnn/.element/ssi/css/1.3/common.css - deleted
http://i.cnn.net/cnn/.element/img/1....ine_dkblue.gif - deleted
http://i.a.cnn.net/cnn/images/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...icon_video.gif - deleted
http://castlecops.com/modules/Forums...glish/post.gif - deleted
http://www.neuber.com/taskmanager/image/taskman_200.gif - deleted
http://www.neuber.com/img/1tucows.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...av_cnntogo.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/tv/ac360.jpg - deleted
http://ar.atwola.com/file/adsEnd.js - deleted
http://i.a.cnn.net/cnn/.element/img/....rt.corner.gif - deleted
http://castlecops.com/modules/Forums...sh/icon_pm.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...biz/hdr_bg.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da.../232517rgb.gif - deleted
http://www.google.com/images/logo_sm.gif - deleted
http://www.google.com/nav_next.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ive_screen.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...fb.top.334.gif - deleted
http://www.google.com/ - deleted
http://castlecops.com/modules/Forums...ini_search.gif - deleted
http://castlecops.com/modules/Forums...n_mini_faq.gif - deleted
http://castlecops.com/modules/Forums.../folding25.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ket_update.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/am_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.sports.gif - deleted
http://castlecops.com/modules/Forums...h/icon_aim.gif - deleted
http://castlecops.com/modules/Forums...h/icon_yim.gif - deleted
http://www.neuber.com/typograf/image/5zdstar.gif - deleted
http://i.cnn.net/cnn/.element/img/1....iz/markets.gif - deleted
http://www.cnn.com/interactive/us/06...katrina/tz.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.5/ceiling/ccc.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hows/sched.gif - deleted
http://serve.dynasig.net/840.gif - deleted
http://www.google.com/nav_page.gif - deleted
http://castlecops.com/themes/Cops_10.../blocks/sl.gif - deleted
http://www.neuber.com/taskmanager/pr...hide5.dll.html - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ld_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ideo/minus.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...asts_radio.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...sts_rt_end.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...v/time_tab.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.weather.gif - deleted
http://i.a.cnn.net/cnn/1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ts_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/sr_over.gif - deleted
http://i.cnn.net/cnn/.element/img/1....finances_1.gif - deleted
http://gdyn.cnn.com/1.1/1.gif?1145413488462 - deleted
http://pagead2.googlesyndication.com/pagead/show_ads.js - deleted
http://www.neuber.com/img/spyrate5.gif - deleted
http://www.file.net/img/bgmenu.jpg - deleted
http://www.file.net/img/spyrate4.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...s/lkl_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...rtner_time.gif - deleted
http://castlecops.com/postp343298.html - deleted
http://i.a.cnn.net/cnn/.element/img/...ght_corner.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...fb.generic.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...d.politics.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....education.gif - deleted
http://castlecops.com/images/topcc.gif - deleted
http://castlecops.com/modules/Forums...ks/phish25.gif - deleted
http://www.cnn.com/ - deleted
http://i.a.cnn.net/cnn/.element/img/...bs/mostpop.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...v_podcasts.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._bg_bottom.gif - deleted
http://cl.cnn.com/ctxtlink/jsp/cnn/c...txt&origin=cnn - deleted
http://i.cnn.net/cnn/.element/img/1....49/stream1.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...gray.arrow.gif - deleted
http://i.cnn.net/cnn/cnn_adspaces/da...016logo.cb.gif - deleted
http://castlecops.com/modules/Forums...024/formIE.css - deleted
http://castlecops.com/modules/Forums...h/icon_www.gif - deleted
http://www.neuber.com/img/space.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...on.offsite.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.science.gif - deleted
http://castlecops.com/themes/Cops_10...ocktopback.gif - deleted
http://castlecops.com/modules/Forums...icon_quote.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...dr_cnn_com.gif - deleted
http://i.cnn.net/cnn/.element/img/1...._bigcharts.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../shows/lkl.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...in/tv/10pm.gif - deleted
http://castlecops.com/modules/Forums...es/printer.gif - deleted
http://pagead2.googlesyndication.com...=3&u_java=true - deleted
http://i.a.cnn.net/cnn/.element/ssi/...ainVideoMod.js - deleted
http://i.a.cnn.net/cnn/.element/img/...topstories.gif - deleted
http://i.a.cnn.net/cnn/cnn_adspaces/cnn_adspaces.js - deleted
http://i.a.cnn.net/cnn/.element/img/...in/hdr_end.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ove_Beyond.gif - deleted
http://cnn.dyn.cnn.com/1.gif?1145413488462 - deleted
http://castlecops.com/themes/Cops_1024/images/pixel.gif - deleted
http://i.a.cnn.net/cnn/.element/img/.../tabs/what.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ng/nav_rss.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ine_dkblue.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...llet.round.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ertisement.gif - deleted
http://i.cnn.net/cnn/.element/img/1.4/main/biz/ddd.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...wd.us.home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...g/shows/sr.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...hdr_search.gif - deleted
http://castlecops.com/themes/Cops_10.../blocks/sr.gif - deleted
http://www.file.net/process/iadhide5.dll.html - deleted
http://i.a.cnn.net/cnn/2006/images/0...newyork.ap.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...abs/hdr_bg.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eo_blue_wt.gif - deleted
http://castlecops.com/zx/Paul/x-click-but04.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ft_end_red.gif - deleted
http://i.a.cnn.net/cnn/.element/img/....wd.health.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._vert.dash.gif - deleted
http://castlecops.com/themes/Cops_10...footer/bot.gif - deleted
http://www.file.net/img/home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...n/hdr_bg_2.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...video/plus.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...pe_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...con.wd.pod.gif - deleted
http://castlecops.com/modules/Forums...s/cellpic1.gif - deleted
http://www.neuber.com/img/spyrate1.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ws/ng_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...rkets_over.gif - deleted
http://i.a.cnn.net/cnn/.element/img/..._separator.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...es_blue_wt.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...world.home.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...r_partners.gif - deleted
http://i.a.cnn.net/cnn/2006/images/0...ord_shelby.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/.../tabs/live.gif - deleted
http://i.a.cnn.net/cnn/video/health/...18/face.fp.jpg - deleted
http://i.a.cnn.net/cnn/.element/img/...this_white.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...review_btn.gif - deleted
http://i.a.cnn.net/cnn/.element/img/1.3/floor/dots.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...eildivider.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...ertainment.gif - deleted
http://castlecops.com/themes/Cops_10...cks/mright.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/ul.gif - deleted
http://www.neuber.com/img/point.gif - deleted
http://i.a.cnn.net/cnn/.element/img/...video_over.gif - deleted
http://m.doubleclick.net/dot.gif - deleted
http://castlecops.com/themes/Cops_10...ks/blocktl.gif - deleted
http://castlecops.com/modules/Forums...ges/spacer.gif - deleted
http://www.neuber.com/img/1pcwelt.gif - deleted
http://www.file.net/img/spyrate1.gif - deleted
http://www.neuber.com/img/spyrate3.gif - deleted
http://castlecops.com/modules/Forums...ks/premium.gif - deleted
http://castlecops.com/themes/Cops_10...ocks/mleft.gif - deleted
http://castlecops.com/themes/Cops_10.../footer/sr.gif - deleted
http://www.neuber.com/typograph/image/5filehungry.gif - deleted
http://www.file.net/img/software.gif - deleted
http://www.file.net/img/files.gif - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\MSHist012006041820060419\index.dat - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\MSHist012006041820060419\ - deleted
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Jenifer@file:///C:/Documents%20and%2...sktop/f-ed.txt - deleted
Visited: Jenifer@http://www.google.com/search...q=IadHide5.dll+ - deleted
Visited: Jenifer@http://www.file.net/process/iadhide5.dll.html - deleted
Visited: Jenifer@http://www.cnn.com - deleted
Visited: Jenifer@http://castlecops.com/postp343298.html - deleted
Visited: Jenifer@http://www.neuber.com/taskma...hide5.dll.html - deleted
Visited: Jenifer@http://www.google.com - deleted
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\jenifer@ads.cnn[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@castlecops[2].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@cnn.122.2o7[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@cnn[1].txt - deleted
C:\Documents and Settings\Jenifer\Cookies\jenifer@google[1].txt - deleted
Cookie:jenifer@ads.cnn.com/ - deleted
Cookie:jenifer@cnn.122.2o7.net/ - deleted
Cookie:jenifer@castlecops.com/ - deleted
Cookie:jenifer@google.com/ - deleted
Cookie:jenifer@cnn.com/ - deleted
C:\Documents and Settings\Jenifer\Recent\f-ed.txt.lnk - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\HPH3.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\jusched.log - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DF2FB4.tmp - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DFDC5A.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\_avast4_\ - deleted
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\Jenifer\LOCALS~1\Temp\~DFDC5A.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\JET1E9F.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\Perflib_Perfdata_dc.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\_avast4_\Webshlock.txt currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temp\~DFDC5A.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jenifer\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\DRGTODSC.EXE-2EA93301.pf - deleted
C:\WINDOWS\Prefetch\ENGUTIL.EXE-12902716.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf - deleted
C:\WINDOWS\Prefetch\HPGS2WND.EXE-06AC8C27.pf - deleted
C:\WINDOWS\Prefetch\HPGS2WNF.EXE-0E86C34B.pf - deleted
C:\WINDOWS\Prefetch\HPHIPM11.EXE-25D93894.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
C:\WINDOWS\Prefetch\ITOUCH.EXE-0DDF2B56.pf - deleted
C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\RXMON.EXE-06BF68E3.pf - deleted
C:\WINDOWS\Prefetch\SMC.EXE-2CDB6670.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 1.9 MB of disk space from 591 files.
CleanUp! finished on 04/18/06 22:32:02.
________________________________________________________________
Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:07:31 PM, 4/18/2006
+ Report-Checksum: 99FC284

+ Scan result:

D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@com[1].txt -> TrackingCookie.Com : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@-1shz2prbmdj6wvny-1sez2pra2dj6...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@-1shz2prbmdj6wvny-1sez2pra2dj6...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@a-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@com[1].txt -> TrackingCookie.Com : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@com[3].txt -> TrackingCookie.Com : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@y-1shz2prbmdj6wvny-1sez2pra2dj...ure[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Local Settings\Temp\Cookies\jenifer myers@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
D:\Od-C_Review\Documents and Settings\Jenifer Myers\Local Settings\Temp\Cookies\jenifer myers@prizeamerica.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup

::Report End

_________________________________________________________________
HIJACKTHIS RUN WHEN SYSTEM SEEMED "OK" - LET ME KNOW IF YOU WANT ONE AFTER REBOOT (WHEN THE SYSTEM SEEMS TO BE COMPROMISED)

Logfile of HijackThis v1.99.1
Scan saved at 11:12:53 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\NTPTIME.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jenifer\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldwinner.com/games/...m/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47...t/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49...k/bjattack.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121359716830
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://www.worldwinner.com/games/v46...an/tracman.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) - http://moneycentral.msn.com/cabs/ticker.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45...s/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51...ol/h2hpool.cab
O18 - Protocol: bw+0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NTPTime - Unknown owner - C:\WINDOWS\SYSTEM32\NTPTIME.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

jrobin · 04-18-2006, 10:56 PM

OK, now before we all get too excited I need to say that the bulk of the nasty results here are archives on a second drive that is not really in use. It's a drive from a computer that was heavily infected and put in this machine with all the email archived (with plans to deal with it at some point...). My anti-virus picks it up as well when I scan the drive, but it's my impression it is harmless in this state, quarantined if you will ... but you are the expert, maybe I'm wrong.
One last note on the pre and post Cleanup! situation, when I reboot after everything looks ok and then...its not, I get an error message, something to the effect of "Cannot load Picture Package Menu, please restart to try again (0) (0)" - I think thats it, and then everything goes to &%^$, just the four items in the notification area, problems entering URLs in IE address bar, ect..I know it may mean something but I don't know what. Here is the Panda, you should have all the rest (unless you think a HiJackThis result from when the computer is in the bad way would be usefull...(you have the one I ran as everything looked good). I would have included it here but I don't want to reboot!!! Arg!
Thanks again for your time

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@2o7[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@ads.pointroll[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@tribalfusion[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@2o7[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@ads.pointroll[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@tribalfusion[2].txt
Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html]
Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html]
Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html]
Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html]
Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html]
Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:W32/Netsky.B.worm Not disinfected Personal Folders\Inbox\hi\attachment.zip[attachment.rtf.com]
Virus:W32/Netsky.B.worm Not disinfected Personal Folders\Inbox\hello\creditcard.zip[creditcard.htm.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Jenifer Myers\Cookies\anyuser@atwola[2].txt
Spyware:Cookie/CWS Not disinfected D:\Documents and Settings\Jenifer Myers\Cookies\anyuser@coolwebsearch[1].txt
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@atwola[1].txt
Spyware:Cookie/Target Not disinfected D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@target[1].txt
Virus:VBS/VBSWG.Z Not disinfected Personal Folders\Stockton\Vendors\Nortel\Maxnet\Mawanella\Mawanella.vbs
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html]
Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html]
Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr]
Spyware:Cookie/Atwola Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\anyuser@atwola[2].txt
Spyware:Cookie/CWS Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\anyuser@coolwebsearch[1].txt
Spyware:Cookie/Atwola Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@atwola[2].txt
Spyware:Cookie/Rightmedia Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@rightmedia[2].txt
Spyware:Cookie/Azjmp Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Local Settings\Temp\Cookies\jenifer myers@azjmp[2].txt
Potentially unwanted tool:Application/HideWindow.A Not disinfected D:\Od-C_Review\HP\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected D:\Od-C_Review\HP\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.C Not disinfected D:\Od-C_Review\HP\bin\KillWind.exe
Hacktool:HackTool/ProcLog.A Not disinfected D:\Od-C_Review\HP\bin\ProcessLogger.exe
Virus:Trj/Reboot.F Not disinfected D:\Od-C_Review\HP\bin\Rebooter.exe

**Glaswegian** · 04-19-2006, 01:41 PM

Hi there.

OK, I think we need to get you sorted before we go any further. There are some minor things we can get rid of, but they will not be contributing to your current situation. You might want to run CleanUp! on that spare drive and clear out the junk!

I firmly believe that this is related to the MS update and the HP software. I would like you to go back to the link I posted earlier, take your time and go carefully through each step, but also write down exactly what you are doing through each step. Be as thorough as you can. I then want you type up a 'Report' of your actions and post it back in this thread. Please don't think that I don't believe you did it the first time - once I know that you've followed the MS guidelines and it doesn't work, then that's something else we can rule out. I also appreciate that making Registry changes can seem daunting for some, especially if not used to it.

Don't do anything else in terms of the fix I posted - we can always come back to that later.

I hope you'll give this a go - we need to get your system back towards something approaching normality.

jrobin · 04-19-2006, 02:30 PM

Thanks for the reply,
In the meantime, I tried simply terning off the HP stuff via MSConfig and everything is perfect (well, perfect enough). I would uninstall it completely if I didn't get an error when I tried to...I appreciate the time you have spent on this but I'm not sure I can put aside a few hours to run through it again in the near future. I think you are absolutely right about the HP garbage being the main culprit.
Again, thanks for your time and help.
- Jan

**Glaswegian** · 04-19-2006, 03:20 PM

Hi

Have you tried uninstalling in Safe Mode?

You still have some items I would like to clear off your system - and I don't like to give up.

Ignore the MS fix then and let me know if you manage to uninstall HP.

jrobin · 04-19-2006, 07:17 PM

Didn't go (see attached), this isn't actually HP's software, according to the website. I'm installing the "update" and will try to remove after that. I'll let you know, thanks again

jrobin · 04-19-2006, 07:38 PM

Managed to delete that "Picture Package" - everything seems to be ok...

**Glaswegian** · 04-21-2006, 03:32 PM

Hi jrobin

How are things now? I'd like to just tidy up and finish cleaning your system. Post back and let me know.

jrobin · 04-21-2006, 04:44 PM

Going well, thanks. I stayed up way to late the other night fiddling around though. You would be mad, installed a few things...
IE7
MS Defender
Firefox and some extensions...
you know, all the stuff you don't want people to do before they are completely clean. That's pretty much what I did.
Well, I was reading up on Defender and one thing led to another...things are running nicely though, as far as I can see. I haven't done any HiJack logs...I suppose you want one(?)
- Jan

**Glaswegian** · 04-21-2006, 05:23 PM

Hi Jan

Lol – no log – just now anyway.

The last scan showed what appears to be infected e-mails – are they also on your other drive?

I was speaking to one of my colleagues here and was advised that HP has an Application Recovery. Go to Start > All Programs > PC Help and Tools > HP Recovery Application – if you want your HP stuff back.

Other than that I’d like you just to try one more online scan – and this time don’t include that old drive!

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:

Scan using the following Anti-Virus database:

Extended

Scan Options:

Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan: Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.
Copy and paste that information in your next post.

Take note of the name(s) and location(s) of any file(s) it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Post back the report. If that comes back clean, then I’ll give you my recommendations for useful programmes (although you might be ahead of me there

)

jrobin · 04-21-2006, 05:54 PM

Scan my computer...yep, that would include the D:, I'm sure it will have a field day with those archives. I really like the "NoScript" extension in Firefox (yes, I like the FasterFox extension too, but if I'm understanding how it worksm it's probably a matter of time before webmasters/server owners find a way to stop the party...). Very nice, I'm sure you have heard of it. Oh by the way, this isn't an HP machine, there was some HP software on it that my wife's grandfather gave her to install to compliment an HP photo printer (crap, crap and crap).
I want to thank you again for your help. I've been reading through the forums and I can see I didn't have it nearly as bad as some folks you people deal with. Some of them come in pretty hurting. Kudos on the great work you do. I hope the $ from the AdSense helps compensate you guys somewhat.
Oh wow, it looks like it is actually picking up some bad stuff on the C: - ah - Outlook Backup.pst...well we'll see. I'll post back when it is done, wanted to answer you before it took too long..
- Jan

jrobin · 04-21-2006, 11:12 PM

See attached. I am correct to assume there is no way to remove the archived and .pst viruses without extracting the file in a safe environment, correct?

Thanks again,

- Jan

**Glaswegian** · 04-22-2006, 04:05 AM

Hi Jan

Yes, I think you’re correct. If you imported the .pst archive back into your current Outlook profile, well, you’re just asking for trouble. If you really don’t need any of that stuff on the D:\ drive, I would format the drive a couple of times to clean it completely and use it as a back up. You should be able to delete the e-mails in your current folder (the ones Kaspersky highlighted on the C:\ drive).

If there’s nothing else, I’ll give you my standard clean speech, some of which you’ve already done, but hopefully there will be some things that will help for the future. And stick with Firefox – I haven’t used IE for nearly two years – I think it’s a great browser. OK, here we go –

Reset Hidden/System Files
To reset your hidden and system files:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

System Restore
To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

To turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

IMPORTANT!!!
Please ensure that Windows is patched against the WMF exploit. This is a dangerous vulnerability that opens the door to multiple infections; and a possible reason you were infected. Visit Window's Update to get the KB912919 patch.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.

Ad-aware
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here.

IE-SPYAD
IE-Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here.

MVPS Hosts File
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera

Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Sygate Personal Firewall
ZoneAlarm
Tiny Personal Firewall

Anti Virus Software
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online antivirus scanners:
Anti-Spyware Tutorial

Here are two very good free Antivirus products which are available:
Avast!
AVG

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

How Did I Get Infected In The First Place?
The Anti-Spyware Tutorial.
Making Internet Explorer Safer.

Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.

jrobin · 04-22-2006, 08:56 AM

Thanks.
I've got Teatimer, but I thought it woulkdn't be good to install the other real-time Ad-ware blockers at the same time? Is that not true? SHould I do all three at the same time?

greyknight17 · 04-22-2006, 07:30 PM

Most of those downloads you were asked to get are not real-time protection, per se...They are probably just used once in a while (during an update...then you install it and leave it alone). SpywareGuard is one of the real-time protection programs. You may leave it to just one, but I think it's best to use TeaTimer and SpywareGuard (or at least just SpywareGuard).

04-18-2006, 02:15 PM	#1 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	Please help! I've tried [almost] everything! Hi! Tried over and over, Antivirus (boot scan) nothing...Ad-Aware, nothing.... bottom line is, icons in my notification area not showing up (although the apps seem to be running. Another side effect is that if I type an address into IE address field and hit ENTER or the ->GO button nothing happens (the MS logo in the top right will move bot no action)...I need to use the pull down, go to google, and type the url there (nice). I have been able to use system restore to get back to a state where things look ok, but no matter what I try from that point (AV, Ad-Aware, Spybot S&D, ect), when I reboot its back to this scary state...here is the log, any ideas? Logfile of HijackThis v1.99.1 Scan saved at 4:02:53 PM, on 4/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\SYSTEM32\NTPTIME.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\verclsid.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sygate\SPF\smc.exe C:\Program Files\WinRAR\WinRAR.exe C:\WINDOWS\system32\verclsid.exe C:\Documents and Settings\Jenifer\My Documents\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409 O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldwinner.com/games/...m/skillgam.cab O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47...t/brickout.cab O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49...k/bjattack.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121359716830 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://www.worldwinner.com/games/v46...an/tracman.cab O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinner.com/games/v48/chess/chess.cab O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab O16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) - http://moneycentral.msn.com/cabs/ticker.cab O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45...s/wwspades.cab O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51...ol/h2hpool.cab O18 - Protocol: bw+0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NTPTime - Unknown owner - C:\WINDOWS\SYSTEM32\NTPTIME.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks!!

04-18-2006, 03:44 PM	#2 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,197 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Hi and welcome to TSF. There's nothing major jumping out at me, but I notice you have HP Share-to-Web and the latest MS update. Firstly go here http://support.microsoft.com/default.aspx/kb/918165 and follow the instructions, then post back and let me know how your system is performing. I'll then provide some instructions for doing a general clean up. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

04-18-2006, 04:48 PM	#3 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	Helped a little Tried that fix, didn't work BUT - now I have the little arrow in the notification area, only I can see just 4 total icons (again, the other services/programs seem to be running, but are not there). Avast AV, Sygate FW, "HP Photosmart" status and "Picture Package menu" - I would uninstall all the HP stuff if someone thinks that would help...

04-18-2006, 04:57 PM	#4 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,197 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Hi again OK, as I said there's nothing major jumping out at me, but let's clean up and see if there's anything hiding. You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply. Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers when you are following the procedures below. MSconfig Enabled I see you have msconfig enabled. This may prevent us from seeing everything running on your system. Please re-enable all startup items. Go to Start > Run type msconfig and press Enter. Select Normal Startup - Load all Device Drivers and Services Press the 'Exit without restarting' button - we will reboot later. Disable SpyBot Tea Timer While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. Disable Microsoft Antispyware/Defender Please disable Microsoft AntiSpyware, as it may hinder the removal of some entries. You can re-enable it after you're clean. Right-click on the Microsoft Anti-Spyware icon in the system tray [it's the one with the red and yellow bulls-eye]. Click on "Security Agents Status". Click on "Disable real-time protection". Next right-click on the Microsoft Anti-Spyware icon in the system tray again to open Microsoft Anti-Spyware. Click on the Options menu and choose Settings. In the left pane column click on "Real Time Protection". Under Startup Options, uncheck "Enable (MSAS) Security Agents on startup (recommended)" Under Real-time spyware threat protection, uncheck "Enable real-time spyware threat protection" (recommended). Click the Save button and close Microsoft AntiSpyware. Finally, right-click on the MSAS icon in the system tray and select "Shutdown Microsoft Antispyware". Downloads Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later. Download Ewido Anti-Malware Install Ewido Anti-Malware When installing, under "Additional Options" uncheck.. Install background guard Install scan via context menu Double-click the icon on Desktop to launch Ewido You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update Ewido. When you have finished updating, EXIT Ewido. Run CleanUp! NOTE Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW! Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows: Click Options Move the slider button down to Custom CleanUp! Check the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Uncheck the following : Scan local drives for temporary files Click OK, Press the CleanUp! button to start the program and reboot when prompted. Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these BEFORE running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility. Reboot Reboot your system in Safe Mode. Restart the computer. The computer begins processing a set of instructions known as BIOS. After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key) Instead of Windows loading as normal, a menu should appear Use the arrow key to highlight Safe Mode and press Enter. HijackThis Entries Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe Leave only the first Logitech entry and fix all others like this O18 - Protocol: bwg0 - {AB2CEABA-5991-4D5C-B790-59EDC2974944} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll Please remember to close all other windows, including browsers then click Fix checked. Run Ewido Run Ewido with it's updated definitions (...it's important that all windows must be closed) Click on scanner Click on Complete System Scan and the scan will begin. NOTE: During some scans with Ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If Ewido detects a file you KNOW to be legitimate, select none as the action. DO NOT select "Perform action on all infections" If you are unsure of any entry found select none for now. When the scan is finished, click the Save Report button at the bottom of the screen. Save the report to your desktop Close Ewido NOTE: Ewido scan will require at least an hour. Reboot Reboot your system in Normal Mode. Online Scan Perform an online scan with Internet Explorer with Panda ActiveScan Click on the "Free To Use ActiveScan" located on the top right hand corner. 1. Click Check Now and a "pop up" window will appear. Please ensure that your pop up blocker doesn't block it 2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. Turn off the real time scanner of any existing antivirus program while performing the online scan Logs required Ewido Log Panda Log HijackThis Log Please also let me know how your system is performing now and if you have any specific problems. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

04-18-2006, 10:56 PM	#7 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	Panda result OK, now before we all get too excited I need to say that the bulk of the nasty results here are archives on a second drive that is not really in use. It's a drive from a computer that was heavily infected and put in this machine with all the email archived (with plans to deal with it at some point...). My anti-virus picks it up as well when I scan the drive, but it's my impression it is harmless in this state, quarantined if you will ... but you are the expert, maybe I'm wrong. One last note on the pre and post Cleanup! situation, when I reboot after everything looks ok and then...its not, I get an error message, something to the effect of "Cannot load Picture Package Menu, please restart to try again (0) (0)" - I think thats it, and then everything goes to &%^$, just the four items in the notification area, problems entering URLs in IE address bar, ect..I know it may mean something but I don't know what. Here is the Panda, you should have all the rest (unless you think a HiJackThis result from when the computer is in the bad way would be usefull...(you have the one I ran as everything looked good). I would have included it here but I don't want to reboot!!! Arg! Thanks again for your time Incident Status Location Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@2o7[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@ads.pointroll[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@tribalfusion[2].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@2o7[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@ads.pointroll[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jenifer\Cookies\jenifer@tribalfusion[2].txt Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html] Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html] Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html] Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html] Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html] Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:W32/Netsky.B.worm Not disinfected Personal Folders\Inbox\hi\attachment.zip[attachment.rtf.com] Virus:W32/Netsky.B.worm Not disinfected Personal Folders\Inbox\hello\creditcard.zip[creditcard.htm.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Jenifer Myers\Cookies\anyuser@atwola[2].txt Spyware:Cookie/CWS Not disinfected D:\Documents and Settings\Jenifer Myers\Cookies\anyuser@coolwebsearch[1].txt Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@atwola[1].txt Spyware:Cookie/Target Not disinfected D:\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@target[1].txt Virus:VBS/VBSWG.Z Not disinfected Personal Folders\Stockton\Vendors\Nortel\Maxnet\Mawanella\Mawanella.vbs Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html] Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Virus:JS/Illwill.A Not disinfected Personal Folders\Inbox\price_new.zip[price.html] Virus:W32/Bagle.AM.worm Not disinfected Personal Folders\Inbox\price_new.zip[price.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hi\file.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\hello\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\knxunreuuqkpag\document.scr Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\message.zip[message.exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\HI\message.zip[message.htm .pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-1\test\readme.zip[readme.htm .scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-2\hello\message.zip[message.scr] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\MAIL TRANSACTION FAILED\body.exe Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hi\body.zip[body.doc .exe] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\Hello\message.zip[message.pif] Virus:W32/Mydoom.A.worm Not disinfected Personal Folders\TempHold-3\hello\message.zip[message.scr] Spyware:Cookie/Atwola Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\anyuser@atwola[2].txt Spyware:Cookie/CWS Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\anyuser@coolwebsearch[1].txt Spyware:Cookie/Atwola Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@atwola[2].txt Spyware:Cookie/Rightmedia Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Cookies\jenifer myers@rightmedia[2].txt Spyware:Cookie/Azjmp Not disinfected D:\Od-C_Review\Documents and Settings\Jenifer Myers\Local Settings\Temp\Cookies\jenifer myers@azjmp[2].txt Potentially unwanted tool:Application/HideWindow.A Not disinfected D:\Od-C_Review\HP\bin\FondleWindow.exe Potentially unwanted tool:Application/KillApp.B Not disinfected D:\Od-C_Review\HP\bin\KillIt.exe Potentially unwanted tool:Application/KillApp.C Not disinfected D:\Od-C_Review\HP\bin\KillWind.exe Hacktool:HackTool/ProcLog.A Not disinfected D:\Od-C_Review\HP\bin\ProcessLogger.exe Virus:Trj/Reboot.F Not disinfected D:\Od-C_Review\HP\bin\Rebooter.exe

04-18-2006, 05:11 PM	#5 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	I can't right click on Tea Timer or Antispyware because...the icons aren't there, thats the problem...I'll see if I can go into the progs and do the same thing

04-19-2006, 01:41 PM	#8 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,197 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Hi there. OK, I think we need to get you sorted before we go any further. There are some minor things we can get rid of, but they will not be contributing to your current situation. You might want to run CleanUp! on that spare drive and clear out the junk! I firmly believe that this is related to the MS update and the HP software. I would like you to go back to the link I posted earlier, take your time and go carefully through each step, but also write down exactly what you are doing through each step. Be as thorough as you can. I then want you type up a 'Report' of your actions and post it back in this thread. Please don't think that I don't believe you did it the first time - once I know that you've followed the MS guidelines and it doesn't work, then that's something else we can rule out. I also appreciate that making Registry changes can seem daunting for some, especially if not used to it. Don't do anything else in terms of the fix I posted - we can always come back to that later. I hope you'll give this a go - we need to get your system back towards something approaching normality. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

04-19-2006, 02:30 PM	#9 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	Thanks for the reply, In the meantime, I tried simply terning off the HP stuff via MSConfig and everything is perfect (well, perfect enough). I would uninstall it completely if I didn't get an error when I tried to...I appreciate the time you have spent on this but I'm not sure I can put aside a few hours to run through it again in the near future. I think you are absolutely right about the HP garbage being the main culprit. Again, thanks for your time and help. - Jan

04-19-2006, 03:20 PM	#10 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,197 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Hi Have you tried uninstalling in Safe Mode? You still have some items I would like to clear off your system - and I don't like to give up. Ignore the MS fix then and let me know if you manage to uninstall HP. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

04-19-2006, 07:38 PM	#12 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	Managed to delete that "Picture Package" - everything seems to be ok...

04-21-2006, 03:32 PM	#13 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,197 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Hi jrobin How are things now? I'd like to just tidy up and finish cleaning your system. Post back and let me know. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

04-21-2006, 04:44 PM	#14 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	Going well, thanks. I stayed up way to late the other night fiddling around though. You would be mad, installed a few things... IE7 MS Defender Firefox and some extensions... you know, all the stuff you don't want people to do before they are completely clean. That's pretty much what I did. Well, I was reading up on Defender and one thing led to another...things are running nicely though, as far as I can see. I haven't done any HiJack logs...I suppose you want one(?) - Jan

04-21-2006, 05:23 PM	#15 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,197 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Hi Jan Lol – no log – just now anyway. The last scan showed what appears to be infected e-mails – are they also on your other drive? I was speaking to one of my colleagues here and was advised that HP has an Application Recovery. Go to Start > All Programs > PC Help and Tools > HP Recovery Application – if you want your HP stuff back. Other than that I’d like you just to try one more online scan – and this time don’t include that old drive! Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky WebScanner Next Click on Launch Kaspersky Anti-Virus Web Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Take note of the name(s) and location(s) of any file(s) it detects but fails to clean. * Turn off the real time scanner of any existing antivirus program while performing the online scan Post back the report. If that comes back clean, then I’ll give you my recommendations for useful programmes (although you might be ahead of me there ) __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

04-21-2006, 05:54 PM	#16 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	Scan my computer...yep, that would include the D:, I'm sure it will have a field day with those archives. I really like the "NoScript" extension in Firefox (yes, I like the FasterFox extension too, but if I'm understanding how it worksm it's probably a matter of time before webmasters/server owners find a way to stop the party...). Very nice, I'm sure you have heard of it. Oh by the way, this isn't an HP machine, there was some HP software on it that my wife's grandfather gave her to install to compliment an HP photo printer (crap, crap and crap). I want to thank you again for your help. I've been reading through the forums and I can see I didn't have it nearly as bad as some folks you people deal with. Some of them come in pretty hurting. Kudos on the great work you do. I hope the $ from the AdSense helps compensate you guys somewhat. Oh wow, it looks like it is actually picking up some bad stuff on the C: - ah - Outlook Backup.pst...well we'll see. I'll post back when it is done, wanted to answer you before it took too long.. - Jan

04-22-2006, 04:05 AM	#18 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,197 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Hi Jan Yes, I think you’re correct. If you imported the .pst archive back into your current Outlook profile, well, you’re just asking for trouble. If you really don’t need any of that stuff on the D:\ drive, I would format the drive a couple of times to clean it completely and use it as a back up. You should be able to delete the e-mails in your current folder (the ones Kaspersky highlighted on the C:\ drive). If there’s nothing else, I’ll give you my standard clean speech, some of which you’ve already done, but hopefully there will be some things that will help for the future. And stick with Firefox – I haven’t used IE for nearly two years – I think it’s a great browser. OK, here we go – Reset Hidden/System Files To reset your hidden and system files: Click *Start.* Open *My Computer.* Select the *Tools menu* and click *Folder Options.* Select the *View* tab. Deselect the *Show hidden files and folders* option. Select the *Hide file extensions for known types* option. Select the *Hide protected operating system files* option. Click *Yes* to confirm. Click *OK.* System Restore To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK. To turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK. This will create a new Restore Point. IMPORTANT!!! Please ensure that Windows is patched against the WMF exploit. This is a dangerous vulnerability that opens the door to multiple infections; and a possible reason you were infected. Visit Window's Update to get the KB912919 patch. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: Spyware Blaster to help prevent spyware from installing in the first place. Spyware Guard to catch and block spyware before it can execute. Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here. *Ad-aware* Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here. *IE-SPYAD* IE-Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here. *MVPS Hosts File* The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file. *Alternate Browsers* Try the following free alternate browsers rather than Internet Explorer Firefox Opera *Firewalls* A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use: Sygate Personal Firewall ZoneAlarm Tiny Personal Firewall *Anti Virus Software* It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial Here are two very good free Antivirus products which are available: Avast! AVG It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. *Other Protection* Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer. In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles How Did I Get Infected In The First Place? The Anti-Spyware Tutorial. Making Internet Explorer Safer. Keep clean and safe and enjoy your computing! Please respond to this thread one more time so we can mark this thread as resolved. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

04-22-2006, 08:56 AM	#19 (permalink)
jrobin Registered User Join Date: Apr 2006 Posts: 15 OS: XP Home	Thanks. I've got Teatimer, but I thought it woulkdn't be good to install the other real-time Ad-ware blockers at the same time? Is that not true? SHould I do all three at the same time?

04-22-2006, 07:30 PM	#20 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Most of those downloads you were asked to get are not real-time protection, per se...They are probably just used once in a while (during an update...then you install it and leave it alone). SpywareGuard is one of the real-time protection programs. You may leave it to just one, but I think it's best to use TeaTimer and SpywareGuard (or at least just SpywareGuard). __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools