Greetings,
Before you post in this forum, please read and follow the instructions in this post: Guidelines for Posting in This Forum
Failure to follow these instructions will only result in delays of the cleaning and removal process.
If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.
Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.
Thank You
Jan 10 2006, 02:00 AM
Post #1
New Member Group: Member Posts: 6 Joined: 7-January 06 Member No.: 17380
Spybot finds something and deletes it, but it returns on reboot.
Following is my HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 5:41:45 PM, on 1/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\kernels64.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AIM\aim.exe
C:\WINDOWS\System32\shellexp.exe
C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WinZip\WZQKPICK.EXE
C:\Zone Labs\ZoneAlarm\zapro.exe
C:\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels64.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Washer\washidx.exe
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Service Manager.norun
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F15679F-75AB-4B96-A08C-472B7DB1A0F2} (03PrepInstall) - https://www.lacertesoftware.com/my_account/...prepinstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CleanService - Unknown owner - C:\FILESH~1\CleanService.exe
O23 - Service: FileCabinet Solution Print Service (FCPrintService) - Creative Solutions - C:\WINDOWS\csifcsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

Thanks
Steve
Jan 10 2006, 11:45 AM
Post #2
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954
Hi Steve,
Download smitRem.exe and save the file to your desktop. Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/
Please read Ewido Setup Instructions. Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:

Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked! Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply. Let us know if any problems persist.
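Post #2 asks for a new HijackThis log after the cleanup; comparing it with the first log shows which autostart entries the tools removed and which survived. The Python sketch below is an added example, not part of any post in this thread: the function names are illustrative, the two samples are short excerpts of the logs posted in #1 and #3, and the Winlogon defaults it assumes (`Explorer.exe` for Shell, `userinit.exe` for UserInit) are the stock Windows XP values.

```python
import re

# A HijackThis result line starts with a section code such as "F2" or "O4".
# The optional "*" prefix tolerates the "****" marker typed into the log in post #3.
ENTRY_RE = re.compile(r"^(?:\*+\s*)?([A-Z]\d{1,2}) - (.+)$")
F2_RE = re.compile(r"^REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"  # assumed stock XP value

# Excerpts copied from the first log (post #1) and the follow-up log (post #3).
BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels64.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
"""
AFTER = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
**** O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""


def parse_entries(log_text):
    """Return the set of (section code, detail) result lines in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Classify entries as removed, persisting or new between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a),
            "persisting": sorted(b & a),
            "new": sorted(a - b)}


def entries_referencing(entries, exe_name):
    """Entries whose detail mentions the given executable (case-insensitive)."""
    return sorted(e for e in entries if exe_name.lower() in e[1].lower())


def nondefault_winlogon(entries):
    """List what F2 Shell/UserInit lines launch beyond the stock programs.

    A hit means "review this", not "malicious": installed software can
    legitimately append itself to UserInit.
    """
    findings = []
    for code, detail in sorted(entries):
        m = F2_RE.match(detail) if code == "F2" else None
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if name.lower() == "shell":
            # Anything after the default shell is an extra program.
            starts_default = value.lower().startswith("explorer.exe")
            rest = value[len("explorer.exe"):] if starts_default else value
            extras = [rest.strip()] if rest.strip() else []
        else:
            # UserInit is a comma-separated list of programs run at logon.
            parts = [p.strip() for p in value.split(",") if p.strip()]
            extras = [p for p in parts if p.lower() != DEFAULT_USERINIT]
        if extras:
            findings.append((name, extras))
    return findings


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for status in ("removed", "persisting", "new"):
        for code, detail in result[status]:
            print(f"{status:10} {code:4} {detail}")
    print(nondefault_winlogon(parse_entries(AFTER)))
```

On these excerpts the three `kernels64.exe` entries show up as removed, while the HKCU Run value for `shellexp.exe` is listed as persisting.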
Jan 11 2006, 02:01 AM
Post #3
New Member Group: Member Posts: 6 Joined: 7-January 06 Member No.: 17380
Thanks Bobbi. I have done your routine and got rid of stuff. I however was not able to run the Panda Active Scan so I went through your initial steps a second time.
I was initially encouraged but based on the new HijackThis Log following I still have shellexp.exe which I have **** ***** to highlight below.

Logfile of HijackThis v1.99.1
Scan saved at 5:22:32 PM, on 1/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AIM\aim.exe
C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WinZip\WZQKPICK.EXE
C:\Zone Labs\ZoneAlarm\zapro.exe
C:\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\steve\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Washer\washidx.exe
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
**** O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Service Manager.norun
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F15679F-75AB-4B96-A08C-472B7DB1A0F2} (03PrepInstall) - https://www.lacertesoftware.com/my_account/...prepinstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CleanService - Unknown owner - C:\FILESH~1\CleanService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileCabinet Solution Print Service (FCPrintService) - Creative Solutions - C:\WINDOWS\csifcsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

Missing from my ewido report was a delete of boot.inx when I accidentally restarted the scan

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:01:32 PM, 1/10/2006
+ Report-Checksum: 5AEA63B1

+ Scan result:

C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\10647296.asw -> Spyware.NewDotNet : Ignored
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\10672437.asw -> Spyware.NewDotNet : Ignored
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\11783703.asw -> Spyware.NewDotNet : Ignored
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\11801015.asw -> Spyware.NewDotNet : Ignored
:mozilla.15:C:\RECYCLER\NPROTECT\00085108.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.6:C:\RECYCLER\NPROTECT\00085110.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.15:C:\RECYCLER\NPROTECT\00085111.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085113.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085114.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085115.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085116.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085117.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085118.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085119.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085128.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085129.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085131.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085132.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085133.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085134.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085135.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085136.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085137.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085138.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085140.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085141.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085142.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085143.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085144.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085145.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085148.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085156.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085157.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.16:C:\RECYCLER\NPROTECT\00085207.MOZ -> Spyware.Cookie.Atdmt : Ignored
:mozilla.6:C:\RECYCLER\NPROTECT\00085244.MOZ -> Spyware.Cookie.Clickzs : Ignored
:mozilla.7:C:\RECYCLER\NPROTECT\00085244.MOZ -> Spyware.Cookie.Clickzs : Ignored
:mozilla.7:C:\RECYCLER\NPROTECT\00085247.MOZ -> Spyware.Cookie.Clickzs : Ignored
:mozilla.8:C:\RECYCLER\NPROTECT\00085247.MOZ -> Spyware.Cookie.Clickzs : Ignored
:mozilla.9:C:\RECYCLER\NPROTECT\00085247.MOZ -> Spyware.Cookie.Clickzs : Ignored
:mozilla.10:C:\RECYCLER\NPROTECT\00085247.MOZ -> Spyware.Cookie.Clickzs : Ignored
:mozilla.8:C:\RECYCLER\NPROTECT\00085256.MOZ -> Spyware.Cookie.Clickzs :
Ignored :mozilla.9:C:\RECYCLER\NPROTECT\00085256.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.10:C:\RECYCLER\NPROTECT\00085256.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.11:C:\RECYCLER\NPROTECT\00085256.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.9:C:\RECYCLER\NPROTECT\00085301.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.10:C:\RECYCLER\NPROTECT\00085301.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.11:C:\RECYCLER\NPROTECT\00085301.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085301.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.10:C:\RECYCLER\NPROTECT\00085303.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.11:C:\RECYCLER\NPROTECT\00085303.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085303.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085303.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.10:C:\RECYCLER\NPROTECT\00085502.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.11:C:\RECYCLER\NPROTECT\00085502.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085502.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085502.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.11:C:\RECYCLER\NPROTECT\00085546.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085546.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085546.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085546.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085547.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085547.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085547.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085547.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085548.MOZ -> Spyware.Cookie.Clickzs : Ignored 
:mozilla.13:C:\RECYCLER\NPROTECT\00085548.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085548.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085548.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085549.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085549.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085549.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085549.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085550.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085550.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085550.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085550.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085556.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085556.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085556.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085556.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085567.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085567.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085567.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085567.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085570.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085570.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085570.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085570.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085571.MOZ -> Spyware.Cookie.Clickzs : Ignored 
:mozilla.13:C:\RECYCLER\NPROTECT\00085571.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085571.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085571.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00085580.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00085580.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00085580.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.15:C:\RECYCLER\NPROTECT\00085580.MOZ -> Spyware.Cookie.Clickzs : Ignored :mozilla.10:C:\RECYCLER\NPROTECT\00086258.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00086261.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.6:C:\RECYCLER\NPROTECT\00086263.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.9:C:\RECYCLER\NPROTECT\00086263.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.6:C:\RECYCLER\NPROTECT\00086265.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086265.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.26:C:\RECYCLER\NPROTECT\00086265.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086266.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00086266.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.26:C:\RECYCLER\NPROTECT\00086266.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086268.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00086268.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.26:C:\RECYCLER\NPROTECT\00086268.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.7:C:\RECYCLER\NPROTECT\00086278.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.9:C:\RECYCLER\NPROTECT\00086278.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.10:C:\RECYCLER\NPROTECT\00086278.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.19:C:\RECYCLER\NPROTECT\00086278.MOZ -> Spyware.Cookie.2o7 : Ignored 
:mozilla.20:C:\RECYCLER\NPROTECT\00086278.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.31:C:\RECYCLER\NPROTECT\00086278.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086353.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00086353.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.14:C:\RECYCLER\NPROTECT\00086353.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.19:C:\RECYCLER\NPROTECT\00086353.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.20:C:\RECYCLER\NPROTECT\00086353.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.31:C:\RECYCLER\NPROTECT\00086353.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086354.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00086354.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.18:C:\RECYCLER\NPROTECT\00086354.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.19:C:\RECYCLER\NPROTECT\00086354.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.30:C:\RECYCLER\NPROTECT\00086354.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086373.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00086373.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.18:C:\RECYCLER\NPROTECT\00086373.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.19:C:\RECYCLER\NPROTECT\00086373.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.30:C:\RECYCLER\NPROTECT\00086373.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086374.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00086374.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.18:C:\RECYCLER\NPROTECT\00086374.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.19:C:\RECYCLER\NPROTECT\00086374.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.30:C:\RECYCLER\NPROTECT\00086374.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086392.MOZ -> 
Spyware.Cookie.Webtrendslive : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.18:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.19:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.2o7 : Ignored :mozilla.30:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.Doubleclick : Ignored :mozilla.12:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.13:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.Webtrendslive : Ignored :mozilla.18:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.2o7 : Ignored HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.30:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.12:C:\RECYCLER\NPROTECT\00086662.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00086662.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086662.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086662.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.30:C:\RECYCLER\NPROTECT\00086662.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00086669.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.16:C:\RECYCLER\NPROTECT\00086669.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00086669.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086669.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.34:C:\RECYCLER\NPROTECT\00086669.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086670.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned 
with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086670.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086670.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00086670.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00086670.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086671.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086671.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086671.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00086671.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00086671.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086712.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086712.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086712.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00086712.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00086712.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086713.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086713.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086713.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00086713.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00086713.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086722.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086722.MOZ -> 
Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086722.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00086722.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00086722.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086723.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086723.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086723.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00086723.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00086723.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086736.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086736.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086736.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00086736.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00086736.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086761.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00086761.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00086761.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.24:C:\RECYCLER\NPROTECT\00086761.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00086761.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00086762.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.20:C:\RECYCLER\NPROTECT\00086762.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup 
:mozilla.26:C:\RECYCLER\NPROTECT\00086762.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.27:C:\RECYCLER\NPROTECT\00086762.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.37:C:\RECYCLER\NPROTECT\00086762.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.10:C:\RECYCLER\NPROTECT\00087831.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.11:C:\RECYCLER\NPROTECT\00087831.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.12:C:\RECYCLER\NPROTECT\00087831.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00087831.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087831.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00087831.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087839.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00087839.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.16:C:\RECYCLER\NPROTECT\00087839.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.17:C:\RECYCLER\NPROTECT\00087839.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00087839.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00087839.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.8:C:\RECYCLER\NPROTECT\00087841.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.17:C:\RECYCLER\NPROTECT\00087841.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00087841.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00087841.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.20:C:\RECYCLER\NPROTECT\00087841.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.21:C:\RECYCLER\NPROTECT\00087841.MOZ -> Spyware.Cookie.Atdmt : 
Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00087841.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00087870.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00087870.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00087870.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.20:C:\RECYCLER\NPROTECT\00087870.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.21:C:\RECYCLER\NPROTECT\00087870.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00087870.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00087870.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00087871.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00087871.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00087871.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.20:C:\RECYCLER\NPROTECT\00087871.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.21:C:\RECYCLER\NPROTECT\00087871.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00087871.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.23:C:\RECYCLER\NPROTECT\00087871.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.10:C:\RECYCLER\NPROTECT\00087872.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.22:C:\RECYCLER\NPROTECT\00087872.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.27:C:\RECYCLER\NPROTECT\00087872.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.28:C:\RECYCLER\NPROTECT\00087872.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.29:C:\RECYCLER\NPROTECT\00087872.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.30:C:\RECYCLER\NPROTECT\00087872.MOZ 
-> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.31:C:\RECYCLER\NPROTECT\00087872.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.32:C:\RECYCLER\NPROTECT\00087872.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.19:C:\RECYCLER\NPROTECT\00087876.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.28:C:\RECYCLER\NPROTECT\00087876.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.33:C:\RECYCLER\NPROTECT\00087876.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.34:C:\RECYCLER\NPROTECT\00087876.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.35:C:\RECYCLER\NPROTECT\00087876.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00087876.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.37:C:\RECYCLER\NPROTECT\00087876.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.38:C:\RECYCLER\NPROTECT\00087876.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.6:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.7:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.12:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.41:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.46:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.47:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.48:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.49:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00087878.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup 
:mozilla.9:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.10:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.12:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.41:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.46:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.47:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.48:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.49:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00087879.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.16:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.27:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.46:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.51:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.54:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.55:C:\RECYCLER\NPROTECT\00087882.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087887.MOZ -> 
Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.16:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.27:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.46:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.51:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.54:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.55:C:\RECYCLER\NPROTECT\00087887.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.25:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.45:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.51:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.54:C:\RECYCLER\NPROTECT\00087892.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup 
:mozilla.14:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.25:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.45:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.51:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.54:C:\RECYCLER\NPROTECT\00087894.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.13:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.25:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.45:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.51:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.54:C:\RECYCLER\NPROTECT\00087896.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00087938.MOZ -> 
Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.26:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.27:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.45:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.51:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.54:C:\RECYCLER\NPROTECT\00087938.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.17:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.18:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.45:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.51:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.54:C:\RECYCLER\NPROTECT\00087946.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.14:C:\RECYCLER\NPROTECT\00087987.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.15:C:\RECYCLER\NPROTECT\00087987.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup 

Jan 11 2006, 02:06 AM
Post #4
New Member Group: Member Posts: 6 Joined: 7-January 06 Member No.: 17380
Sorry. My last post was cut off.
Following is the important stuff omitted.

:mozilla.18:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.13:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP618\A0144302.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP618\A0144303.exe -> Downloader.Tibs.bd : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP618\A0144304.exe -> Trojan.Agent.e : Cleaned with backup
::Report End

Following is the smitRem log file

smitRem © log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 01/10/2006
The current time is: 14:45:43.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peaco*k@beyondlogic.org
Killing PID 720 'explorer.exe'
Killing PID 720 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

Is there any hope?
Steve

Jan 11 2006, 11:20 AM
Post #5
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954
Hi sescovar,

QUOTE
Thanks Bobbi. I have done your routine and got rid of stuff. I however was not able to run the Panda Active Scan so I went through your initial steps a second time.
We're not done for some time to come ;)
I was initially encouraged but based on the new HijackThis Log following I still have shellexp.exe which I have **** ***** to highlight below.

You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Service Manager.norun

Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Restart your computer in Safe Mode. How do I Safe Boot my computer?

Show hidden files. How do I show hidden files?
At the end of the fix you can return the files to hidden status if you want.

Delete the following files in red (it could be that they are deleted already):
C:\WINDOWS\System32\shellexp.exe

Restart your computer and post a new log in this thread.

Jan 11 2006, 05:29 PM
Post #6
New Member Group: Member Posts: 6 Joined: 7-January 06 Member No.: 17380
Thanks Bobbi.

I think we are making progress. But I was unable to delete 04 - Global Startup: Service Manager.norun. Error was: "the program may be in use - Use task manager to shut down". I attempted to locate it in task manager but not sure what process or application was applicable.

Shellexp.exe was no longer on system at c:\windows\system32 so I did not delete.

Following is my most recent HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:01:43 AM, on 1/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Washer\washidx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Service Manager.norun
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F15679F-75AB-4B96-A08C-472B7DB1A0F2} (03PrepInstall) - https://www.lacertesoftware.com/my_account/...prepinstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CleanService - Unknown owner - C:\FILESH~1\CleanService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileCabinet Solution Print Service (FCPrintService) - Creative Solutions - C:\WINDOWS\csifcsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

I am also including ewido startup and processes logs as of right now

ewido anti-malware - Startup report
---------------------------------------------------------
+ Created on: 9:14:20 AM, 1/11/2006
+ Report-Checksum: D292A713

Reg\HKLM\Run mmtask "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
Reg\HKLM\Run MMTray "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
Reg\HKLM\Run dla C:\WINDOWS\system32\dla\tfswctrl.exe
Reg\HKLM\Run avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Reg\HKCU\Run Sonic RecordNow!
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
Reg\HKLM\RunServicesOnce washindex C:\Washer\washidx.exe
Reg\HKLM\Run ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Reg\HKLM\Run SSBkgdUpdate "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
Reg\HKLM\Run Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
Reg\HKLM\Run PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reg\HKLM\Run LapLink Scheduler "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
Reg\HKLM\Run DVDSentry C:\WINDOWS\System32\DSentry.exe
Reg\HKCU\Run DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
Reg\HKLM\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Reg\HKLM\Run {0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
Reg\HKLM\Run Picasa Media Detector C:\Picasa2\PicasaMediaDetector.exe
Reg\HKLM\Run ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Reg\HKLM\Run ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Reg\HKLM\Run TotalRecorderScheduler "C:\TotalRecorder\TotRecSched.exe"
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Reg\HKLM\Run nwiz nwiz.exe /install
Reg\HKLM\Run PDF Converter Registry Controller "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
Shell\CommonStartup Adobe Reader Speed Launch.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
Shell\CommonStartup America Online 9.0 Tray Icon.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
Shell\CommonStartup AOL Companion.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
Shell\CommonStartup Service Manager.norun C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.norun
Shell\CommonStartup WinZip Quick Pick.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
Shell\CommonStartup ZoneAlarm Pro.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk
Shell\CommonStartup Acrobat Assistant.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
--------------------------------------------------------

ewido anti-malware - Process report
---------------------------------------------------------
+ Created on: 9:14:58 AM, 1/11/2006
+ Report-Checksum: BD20AD9A

0: System Process
4: System Process
160: \SystemRoot\System32\smss.exe
212: \??\C:\WINDOWS\system32\csrss.exe
236: \??\C:\WINDOWS\system32\winlogon.exe
280: C:\WINDOWS\system32\services.exe
292: C:\WINDOWS\system32\lsass.exe
296: C:\Program Files\ewido anti-malware\SecuritySuite.exe
456: C:\WINDOWS\system32\svchost.exe
480: C:\WINDOWS\system32\svchost.exe
704: C:\WINDOWS\TSI32\tsircusr.exe
724: C:\WINDOWS\Explorer.EXE
880: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

Is winlogon.exe above ok? One of your spyware programs removed it yesterday and I have read conflicting info on it.

Thanks.......you have been way too kind
steve

Jan 12 2006, 12:08 PM
Post #7
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954
Hi Steve,

QUOTE
I think we are making progress. But I was unable to delete 04 - Global Startup: Service Manager.norun. Error was: "the program may be in use - Use task manager to shut down". I attempted to locate it in task manager but not sure what process or application was applicable.

We'll get that in another way.

Download Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it.
Click on "Delete on Reboot", in the "Full Path of File to Delete" box, enter
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.norun
and click on the button with the white cross in a red circle.
You will get a question "File will be Deleted on Next Reboot, Process & Reboot now?", answer "Yes". Let Killbox do its work.

QUOTE
Is winlogon.exe above ok? One of your spyware programs removed it yesterday and I have read conflicting info on it.

This Winlogon is good. It is a vital part of the Windows Operating System. But the location of the file should be in the system folder.

Please post a new log from HijackThis.

Jan 13 2006, 07:08 PM
Post #8
New Member Group: Member Posts: 6 Joined: 7-January 06 Member No.: 17380
Bobbi

My hijack log is bigger this time. I guess because you did not have me boot into the safe mode this time.

Logfile of HijackThis v1.99.1
Scan saved at 10:54:09 AM, on 1/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AIM\aim.exe
C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL Companion\companion.exe
C:\WinZip\WZQKPICK.EXE
C:\Zone Labs\ZoneAlarm\zapro.exe
C:\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Documents and Settings\steve\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Washer\washidx.exe
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\palmOne\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F15679F-75AB-4B96-A08C-472B7DB1A0F2} (03PrepInstall) - https://www.lacertesoftware.com/my_account/...prepinstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CleanService - Unknown owner - C:\FILESH~1\CleanService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileCabinet Solution Print Service (FCPrintService) - Creative Solutions - C:\WINDOWS\csifcsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

Thanks
Steve
Jan 14 2006, 08:52 AM
Post #9
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954
Hi Steve,
I only make you boot into Safe Mode to delete files and folders. The rest of the instructions are to be done in Normal Mode, unless stated explicitly.
This log looks clean!
This is a good time to set up protection against further attacks. Read the article behind this link: "How did I get infected". If you don't already have them, you need an antivirus that is updated; a good firewall, for example Sygate Personal Firewall, Kerio Personal Firewall or ZoneLabs Zone Alarm; a spyware blocker like SpywareBlaster and also IE-Spyads; and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... Be very cautious about any security software that advertises in popups or other intrusive ways; they are not only usually useless, but also often have malware in them....
Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.
Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer. This can be accessed by going to http://windowsupdate.microsoft.com/ and following the prompts. If you are running Windows XP, get updated to SP-2.
Please post back if you are still having any problems....
Jan 14 2006, 04:52 PM
Post #10
New Member Group: Member Posts: 6 Joined: 7-January 06 Member No.: 17380
Thanks Bobbi. Your help is greatly appreciated. If I can show my gratitude, please let me know.
In a previous post you responded to my quote below.
QUOTE
Is winlogon.exe above ok? One of your spyware programs removed it yesterday and I have read conflicting info on it.
YOUR RESPONSE
This Winlogon is good. It is a vital part of the Windows Operating System. But the location of the file should be in the system folder.
Is this a concern or is it now fixed?
Thanks again
Steve
Jan 15 2006, 10:43 AM
Post #11
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954
Hi Steve,
QUOTE
Is this a concern or is it now fixed?
It is not a concern. The Winlogon you saw is the valid one.
By the way, I saw that you had installed the unofficial patch for the WMF exploit.
QUOTE
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
Since Microsoft has released the official patch I will give you the instructions to get rid of this one and install the Microsoft version.
Step 1. Reboot your system to clear any infected image files from memory.
Step 2. If you installed an early version of MS06-001 that was leaked via some Web sites, run the Add/Remove Programs applet from the Control Panel. Uninstall patch number 912919, which interferes with installation of the official patch.
Step 3. Use Microsoft Update or Windows Update to download and apply MS06-001 and any other patches you may need.
Step 4. Reboot.
Step 5. Uninstall the unofficial Guilfanov patch, by using one of the following methods:
  1. On individual PCs, run the Add/Remove Programs applet from the Control Panel. Uninstall the patch entitled "Windows WMF Metafile Vulnerability HotFix";
  2. Or, at a command prompt, run the following command:
     "C:\Program Files\WindowsMetafileFix\unins000.exe" /SILENT
  3. Or, if you used a Microsoft Installer (.msi) file to install the patch on multiple machines, you can uninstall the unofficial patch using this command:
     msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn
Step 6. Re-register the Shell Image View Control DLL if you previously deregistered it. (You might have deregistered the DLL using the same command as shown below, but with -u surrounded by spaces after regsvr32). The following command re-registers the DLL. From the Start menu, select Run and then type:
     regsvr32 %windir%\system32\shimgvw.dll
Step 7. Optionally, reboot one more time just for good measure. (The Internet Storm Center says this is not required, but doesn't hurt.)
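A check for Step 5 above, added here as an example and not part of the original thread: after the unofficial hotfix is uninstalled, a fresh HijackThis log should no longer list wmfhotfix.dll under O20 - AppInit_DLLs. The function names and the AFTER log are constructed for illustration; the BEFORE log reuses lines from the log posted in this thread.

```python
import ntpath
import re

# Sample logs in HijackThis v1.99.1 line format. BEFORE reuses lines from this thread; AFTER is constructed.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def appinit_dlls(entries):
    """List every DLL in O20 AppInit_DLLs entries (Windows splits the value on spaces and commas)."""
    dlls = []
    for section, detail in entries:
        if section == "O20" and detail.startswith("AppInit_DLLs:"):
            value = detail.split(":", 1)[1]
            dlls.extend(p for p in re.split(r"[,\s]+", value.strip()) if p)
    return dlls

def hotfix_still_loaded(log_text, dll_name="wmfhotfix.dll"):
    """True if dll_name is still injected via AppInit_DLLs (case-insensitive file name match)."""
    names = {ntpath.basename(p).lower() for p in appinit_dlls(parse_entries(log_text))}
    return dll_name.lower() in names

def removed_between(before, after):
    """Entries present in the earlier log that are gone from the later one."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in remaining]

if __name__ == "__main__":
    print("hotfix loaded before:", hotfix_still_loaded(BEFORE))
    print("hotfix loaded after: ", hotfix_still_loaded(AFTER))
```

Any other name left in the AppInit_DLLs list after the uninstall deserves a look, since every DLL named there is loaded into each process that loads user32.dll.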