Full Version: need help with spyware
godimcrazy2003
my computer is really slow and gets a lot of popups. i use panda and adaware, but everything keeps coming back. i just ran hijackthis. here's a copy of my log

Logfile of HijackThis v1.99.1
Scan saved at 9:42:15 AM, on 9/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sr\AgentSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sr\AgentFrm.exe
C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
C:\Program Files\Sr\compnts\Vr\AVENGINE.EXE
C:\Program Files\Sr\Compnts\Vr\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sr\SrLogon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vybjdoz.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\hsqaiavcddq.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\System32\italcexy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sr Agent] "C:\Program Files\Sr\SrLogon.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vybjdoz] C:\WINDOWS\vybjdoz.EXE
O4 - HKLM\..\Run: [odexxh] C:\WINDOWS\System32\kxtjij.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\System32\ichckupd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {D289E463-771A-4964-B664-F3020E751A56} - http://acs.pandasoftware.com/asp/cabs/agen...4-0/miniagt.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sohekog.exe (file missing)
Autodad
Hi godimcrazy2003,

You have a few different trojans showing, so let's do this:

To clean your temp folder, recycle bin, etc., please download this free tool:
CCleaner
It will put a shortcut on your Desktop.
Click on CCleaner to start it. Then click "Run Cleaner".
Then Reboot (Exit).


Next, please download, install, and update the free version of Ewido trojan scanner:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful").

Then, reboot to Safe mode (tap F8 while restarting).

Run ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to your next reply.
After you reboot normally, also post a new HJT log.
godimcrazy2003
okay, i ran both of those programs, and things seem to be running a lot more smoothly now. here is my current hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:18:49 PM, on 9/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sr\AgentSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sr\AgentFrm.exe
C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
C:\Program Files\Sr\compnts\Vr\AVENGINE.EXE
C:\Program Files\Sr\Compnts\Vr\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sr\SrLogon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\bpzjbeq.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\System32\italcexy.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sr Agent] "C:\Program Files\Sr\SrLogon.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ujsfmt] C:\WINDOWS\System32\bpzjbeq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\System32\ichckupd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {D289E463-771A-4964-B664-F3020E751A56} - http://acs.pandasoftware.com/asp/cabs/agen...4-0/miniagt.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sohekog.exe (file missing)


------------------------------------------


here is my ewido report:


HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick2 -> Spyware.SurfSide : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
:mozilla.15:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.79:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.99:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.100:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.101:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.102:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.103:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.104:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.105:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.106:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.107:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.124:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.125:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.126:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.136:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.137:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\9josephb\Cookies\9josephb@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\9josephb\Local Settings\Application Data\Wildtangent\Cdacache\00\00\11.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\CMAPP\Client\cmappclient.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\CMAPP\cmappstub.exe -> TrojanDownloader.Agent.tf : Cleaned with backup
C:\Program Files\CMSystem\CMSystem.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\a.jar-33242f5b-6f047ffc.zip.tmp -> Trojan.Java.ClassLoader.u : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\ar3.jar-f30ee60-4c1c73dd.zip.tmp -> Trojan.Java.ClassLoader.k : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\asdf.exe.tmp -> TrojanDownloader.Small.bhf : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\classload.jar-11faa9ed-27a22176.zip.tmp -> TrojanDownloader.OpenConnection.f : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\dinst.exe.tmp -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\Dummy.class-2cc77dcf-7c2734a1.class.tmp -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\ichckupd.exe.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\installerapplet.class.tmp -> Trojan.Java.OpenStream.w : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\italcexy.dll.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\loaderadv420.jar-19cdd09a-5c0aaee4.zip.tmp -> Trojan.Java.ClassLoader.Dummy.a : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\mainsafe.exe.tmp -> Backdoor.HacDef.bo : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\nsj27b.dll.tmp -> Spyware.HotSearchBar : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\nsw260.dll.tmp -> Spyware.HotSearchBar : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\ocdmav.exe.tmp -> Trojan.Agent.ay : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\pigzply.exe.tmp -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\plugin.dll.tmp -> Spyware.CASClient : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\poller.exe.tmp -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\sohekog.exe.tmp -> TrojanDropper.Agent.tb : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\svcproc.exe.tmp -> Trojan.Stervis.d : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\svcproc[1].exe.tmp -> Trojan.Stervis.d : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\time.class-50c9903d-4f5172bc.class.tmp -> TrojanDownloader.Small.bhf : Cleaned with backup
C:\Program Files\Sr\Compnts\Vr\Quarantine\zxfdxb.exe.tmp -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\eobtvdk.exe -> TrojanDropper.Agent.vl : Cleaned with backup
C:\WINDOWS\jeguin.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\offun.exe -> TrojanDownloader.VB.hw : Cleaned with backup
C:\WINDOWS\pxckdla.exe -> TrojanDownloader.OneClickNetSearch.i : Cleaned with backup
C:\WINDOWS\system32\netlanm.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\vybjdoz.exe -> TrojanDownloader.VB.nw : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup





thank you so much for your help here. this sure beats getting my computer re-imaged.
Autodad
Hi godimcrazy2003,

You're welcome. Still some more work to do though...

You have the Epolvy trojan.
It is this entry in your current log:
O4 - HKLM\..\Run: [ujsfmt] c:\windows\system32\bpzjbeq.exe r
It was this entry in your previous log:
O4 - HKLM\..\Run: [odexxh] c:\windows\system32\kxtjij.exe r

Notice how the name and the file change. The only thing "constant" is the lonely "r" as a parameter at the end of the entry.
Try this step, but keep in mind that the file name may be different. So run HJT first, then look for the file with the "r" next to it and follow these steps for the newly named file.
********************

Set Windows to view hidden and system files:
Open the Windows Explorer | Tools | Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Click the "Apply to all Folders" button. Close Windows Explorer.

After you're cleaned, please "rehide" them again.
_ _ _ _

Start > Run (type) services.msc
Scroll down to: "Windows Overlay Components"
Highlight, right-click and select: Properties
Select "Service Status" option to "Stop"
Select: "Startup type" set it to "Disabled", click Apply, OK

Close the Services Editor.
_ _ _ _

Download Process Explorer from http://www.sysinternals.com/Utilities/ProcessExplorer.html
- Unzip Process Explorer into its own folder.
- Open the folder and run Procexp.exe.

In the list of processes, find bpzjbeq.exe (substitute the current O4 line random filename from the just completed HJT scan).
- Right click on the process and select "Suspend".
- Leave Process Explorer running

Back in HJT, in the lower right click on "Config..."
- Under the "Misc Tools" tab, open "Delete a file on Reboot".
- In the 'File Name' box, enter c:\windows\system32\bpzjbeq.exe (substitute the current O4 line path and filename)
- Click OK and allow the system to reboot.

As it reboots, go into Safe mode (tap F8 while restarting).

Open Hijackthis, click Scan, then put a check next to the following entries:

R3 - Default URLSearchHook is missing

O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\System32\italcexy.dll (file missing)

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [ujsfmt] C:\WINDOWS\System32\bpzjbeq.exe r
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\System32\ichckupd.exe

O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\sohekog.exe (file missing)



Now Close all open Windows (have only HJT open) and click "Fix Checked".

Then delete these files in bold:

C:\WINDOWS\sohekog.exe

C:\WINDOWS\System32\bho.dll
C:\WINDOWS\System32\bpzjbeq.exe
C:\WINDOWS\System32\pshwr.exe
C:\WINDOWS\System32\ichckupd.exe
C:\WINDOWS\System32\italcexy.dll

And these folders:

C:\Program Files\CMSystem\
C:\Program Files\FCEngine\
C:\Program Files\WildTangent\

Then run ewido again (and post the ewido report).

Then reboot normally.

And also post a new HJT log .....
godimcrazy2003
i ran process explorer, but i couldn't find the process bpzjbeq.exe
godimcrazy2003
i ran another hijackthis scan, did a search in the log for bpzjbeq.exe, and it couldn't find it. here's a copy of my current hijackthis log report:


Logfile of HijackThis v1.99.1
Scan saved at 1:54:55 PM, on 9/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sr\AgentSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sr\AgentFrm.exe
C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
C:\Program Files\Sr\compnts\Vr\AVENGINE.EXE
C:\Program Files\Sr\Compnts\Vr\WebProxy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\System32\ygfemk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sr\SrLogon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\System32\italcexy.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sr Agent] "C:\Program Files\Sr\SrLogon.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [dgoxyou] C:\WINDOWS\System32\ygfemk.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\System32\ichckupd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {D289E463-771A-4964-B664-F3020E751A56} - http://acs.pandasoftware.com/asp/cabs/agen...4-0/miniagt.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe




i've followed the following steps so far:

You have the Epolvy trojan.
It is this entry in your current log:
O4 - HKLM\..\Run: [ujsfmt] c:\windows\system32\bpzjbeq.exe r
It was this entry in your previous log:
O4 - HKLM\..\Run: [odexxh] c:\windows\system32\kxtjij.exe r

Notice how the name and the file change. The only thing "constant" is the lonely "r" as a parameter at the end of the entry.
Try this step, but keep in mind that the file name may be different. So run HJT first, then look for the file with the "r" next to it and follow these steps for the newly named file.
********************

Set Windows to view hidden and system files:
Open the Windows Explorer | Tools | Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Click the "Apply to all Folders" button. Close Windows Explorer.

After you're cleaned, please "rehide" them again.
_ _ _ _

Start > Run (type) services.msc
Scroll down to: "Windows Overlay Components"
Highlight, right-click and select: Properties
Select "Service Status" option to "Stop"
Select: "Startup type" set it to "Disabled", click Apply, OK

Close the Services Editor.
_ _ _ _

Download Process Explorer from http://www.sysinternals.com/Utilities/ProcessExplorer.html
- Unzip Process Explorer into its own folder.
- Open the folder and run Procexp.exe.
Autodad
Hi,

This is the file now: ygfemk.exe
O4 - HKLM\..\Run: [dgoxyou] C:\WINDOWS\System32\ygfemk.exe r

As stated earlier, it will have the "r" at the end, and will change.
If it makes it easier, it is usually in the same "location" in the HJT log.
After [WinampAgent] and before [MSMSGS]

This log:

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [dgoxyou] C:\WINDOWS\System32\ygfemk.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
_ _

Last log:

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ujsfmt] C:\WINDOWS\System32\bpzjbeq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
_ _

First log:

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vybjdoz] C:\WINDOWS\vybjdoz.EXE (was removed )
O4 - HKLM\..\Run: [odexxh] C:\WINDOWS\System32\kxtjij.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
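
Added example (not part of the original thread, and not code from HijackThis or any other tool named here): the check Autodad describes, written in Python. It scans HijackThis O4 lines for an HKLM Run entry whose command is an executable followed by a lone "r", then compares successive logs to show the value name and file name changing. The function names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple


class RunEntry(NamedTuple):
    hive: str  # HKLM or HKCU
    key: str   # Run, RunOnce, ...
    name: str  # registry value name, shown in [brackets] by HijackThis
    path: str  # executable path with surrounding quotes removed
    args: str  # text after the executable, "" when there is none


# O4 registry autorun line: O4 - HKLM\..\Run: [name] command
O4_LINE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Command: a quoted path, or an unquoted path (spaces allowed) ending in an
# executable extension, followed by optional arguments.
COMMAND = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat)))(?:\s+(.*))?$', re.IGNORECASE)


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one O4 registry autorun line; None for anything else."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None  # e.g. "O4 - Global Startup: ..." or a non-O4 line
    hive, key, name, command = m.groups()
    c = COMMAND.match(command.strip())
    if not c:
        return None
    return RunEntry(hive, key, name, c.group(1) or c.group(2),
                    (c.group(3) or "").strip())


def is_lone_r(entry: RunEntry) -> bool:
    """The pattern from the thread: HKLM Run, argument is exactly "r"."""
    return entry.hive == "HKLM" and entry.key == "Run" and entry.args == "r"


def find_lone_r(log_text: str) -> List[RunEntry]:
    """All O4 entries in one log that match the lone-"r" pattern."""
    parsed = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and is_lone_r(e)]


def track(logs: List[str]) -> List[Tuple[str, str]]:
    """(value name, file name) of each flagged entry, in log order."""
    return [(e.name, ntpath.basename(e.path).lower())
            for log in logs for e in find_lone_r(log)]


def is_rotating(sightings: List[Tuple[str, str]]) -> bool:
    """True when every sighting has a different value name and file name."""
    names = {name for name, _ in sightings}
    files = {fname for _, fname in sightings}
    return len(sightings) > 1 and len(names) == len(files) == len(sightings)


# Lines copied from the three HijackThis logs posted in this thread.
FIRST_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [odexxh] C:\WINDOWS\System32\kxtjij.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""
LAST_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ujsfmt] C:\WINDOWS\System32\bpzjbeq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""
# The Sonic entry takes "/r", which must not be confused with a bare "r".
THIS_LOG = r"""
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [dgoxyou] C:\WINDOWS\System32\ygfemk.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    sightings = track([FIRST_LOG, LAST_LOG, THIS_LOG])
    for name, fname in sightings:
        print(f"lone-r autorun: [{name}] {fname}")
    print("name and file change between logs:", is_rotating(sightings))
```

Matching on the argument rather than the file name is what lets the same check find the entry after the next rename.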
godimcrazy2003
i'm finished with that, but i had one little problem. you said to delete the following files:

C:\WINDOWS\sohekog.exe

C:\WINDOWS\System32\bho.dll
C:\WINDOWS\System32\bpzjbeq.exe
C:\WINDOWS\System32\pshwr.exe
C:\WINDOWS\System32\ichckupd.exe
C:\WINDOWS\System32\italcexy.dll

i looked for them, but i couldn't find them. i assume that means that they're already deleted, so i just skipped over that step. here's my ewido scan report:




HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
:mozilla.117:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.119:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.120:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.121:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.122:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.123:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.124:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.125:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.127:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.128:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.130:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.131:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.132:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.135:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.136:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.137:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.138:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.139:C:\Documents and Settings\9josephb\Application Data\Mozilla\Firefox\Profiles\yazzee54.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\9josephb\Cookies\9josephb@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\jeguin.exe -> Adware.BetterInternet : Cleaned with backup





here's my HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:05 PM, on 9/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sr\AgentSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sr\AgentFrm.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sr\SrLogon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
C:\Program Files\Sr\compnts\Vr\AVENGINE.EXE
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Sr\Compnts\Vr\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sr Agent] "C:\Program Files\Sr\SrLogon.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {D289E463-771A-4964-B664-F3020E751A56} - http://acs.pandasoftware.com/asp/cabs/agen...4-0/miniagt.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Autodad
Hi godimcrazy2003,

Yes, those files are probably gone now.

Looks like you got the Epolvy trojan. :thumbup:
So now we can take care of the nail infection.
(those 2 infections usually show up together, but Epolvy needs to be taken care of first).


Check ewido for any updates. We'll have to run it again.
_ _ _ _

Then please download Nailfix from here:
http://www.noidea.us/easyfile/file.php?dow...050711214630636

Unzip it to the desktop but again, please don't run it yet.
_ _ _ _ _ _

To clean your temp folder, recycle bin, etc., please download this free tool:
CCleaner. It will put a shortcut on your Desktop, but don't run it yet.


Reboot into Safe mode (tap F8 while restarting).

Open (double click) on the Nailfix folder (that you downloaded earlier), then double-click on Nailfix.cmd.
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.


Then open CCleaner. Click on CCleaner to start it. Then click "Run Cleaner".


When that's done, run Ewido trojan scanner.
Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to your next reply.


Open Hijackthis, click Scan, then put a check next to the following entries:
(If there)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe



Now Close all open Windows (have only HJT open) and click "Fix Checked".


Then reboot normally.


Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

Then reboot again, and please post a new HJT log.
godimcrazy2003
hijackthis report:



Logfile of HijackThis v1.99.1
Scan saved at 10:15:05 PM, on 9/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sr\SrLogon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sr\AgentSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sr\AgentFrm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
C:\Program Files\Sr\compnts\Vr\AVENGINE.EXE
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Sr\Compnts\Vr\WebProxy.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sr Agent] "C:\Program Files\Sr\SrLogon.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {D289E463-771A-4964-B664-F3020E751A56} - http://acs.pandasoftware.com/asp/cabs/agen...4-0/miniagt.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe

ewido report:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:47:42 PM, 9/28/2005
+ Report-Checksum: D1B7B57A

+ Scan result:

No infected objects found.


::Report End
Autodad
Hi Godimcrazy2003,

Looks clean, good job! :thumbup:

If you're not having any problems, then here are some suggestions to clean/protect your PC:
(Some may be redundant, so only use those that apply...)

I recommend that you get AdAware SE
Install The Program and Run it. Make Sure You Click the "Check for Updates" Button before starting a scan.
Do a scan with AdAware and Remove Everything it suggests.

Then, also get Spybot: Search and Destroy
Check for Updates first, download ALL Updates and Do a Scan.
When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

Keep them updated, and run them periodically.
_ _ _ _ _

Then click Start | Run (type) cleanmgr
Select the following:
1) Temporary Internet Files
2) Recycle Bin
3) Temporary Files

When completed Reboot.
_ _ _ _ _

Also go to Windows Update to keep up on all the latest security patches that apply to your PC.
Check Windows' Update site frequently, as new patches come out often. You don't need to install all the updates offered, but ALWAYS get the latest security updates available.

<< Now would be a good time to get SP2. After you get SP2, check for any updates to it after you reboot. >>
_ _ _ _

Then, it is not an option these days to be on the internet without an Updated Anti-Virus. If you have one, check it for updates frequently (or set it to "Auto" update). If you don't have one, or can't afford one, a good free one to use is AVG.
Have a look at this link: http://www.mvps.org/winhelp2002/avg7.htm

Just as it is important to have an updated Anti-virus, it's equally important to have a Firewall these days. Again, if you can't afford one, this is a good free one:

Sygate Personal Firewall.
_ _ _ _ _

Then I recommend you clean out your System Restore
Doing this will remove all your restore points, and any infections that might be hanging in there.

Click Start > Programs > Accessories > Windows Explorer
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Check the "Turn off System Restore" or "Turn off System Restore on all drives".
Click Apply.
Click Yes to do this.
Click OK.
Then Restart your computer.

After you have restarted, turn System Restore back on:
Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Uncheck the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
Click Apply, and then click OK.

Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.
_ _ _ _ _

Here is a link that explains how to Clear Out Forgotten Programs, Free Up Wasted Space, Defragment Your Computer, etc...

http://www.microsoft.com/windowsxp/using/s...estoreperf.mspx
_ _ _ _ _

Here are some good links to follow to make your Internet Explorer more secure:

http://www.mvps.org/winhelp2002/restricted.htm
http://mvps.org/winhelp2002/unwanted.htm
_ _ _ _ _

Here is some free protection you should also consider:
Download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies.

IESPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Check them for updates occasionally.


And also see So how did I get infected in the first place?

Let us know if you have any concerns,

Stay safe!
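The before/after comparison of the two HijackThis logs in this thread can be done mechanically. The following is an added example, not part of the original posts and not a HijackThis feature: it parses the `Xn - ...` entry lines, diffs the two logs, and confirms that the two entries selected for "Fix Checked" are gone. The function names are hypothetical and the sample logs are short excerpts built from lines posted above.

```python
import re

# Excerpts constructed from the 9/27 and 9/28 HijackThis logs in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe
"""
# The two entries the helper asked to have checked and fixed.
TARGETS = [
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe",
]

# An entry line is a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, in log order."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


def shell_extras(entries):
    """For F2 'Shell=' entries, return whatever follows a leading Explorer.exe.

    On a clean XP system the value is just 'Explorer.exe', so any remainder
    is an extra program launched with the shell and needs review. A value
    that does not start with 'Explorer.exe' is returned whole.
    """
    extras = []
    for code, body in entries:
        m = re.search(r"Shell=(.*)$", body, re.I) if code == "F2" else None
        if m:
            rest = re.sub(r"^explorer\.exe\s*", "", m.group(1).strip(), flags=re.I)
            if rest:
                extras.append(rest)
    return extras


def still_present(targets, after):
    """Return the targeted entry lines that survive in the follow-up log."""
    remaining = parse_entries(after)
    return [t for t in targets if parse_entries(t)[0] in remaining]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *("%s - %s" % e for e in removed), sep="\n  ")
    print("added:", added)
    print("shell extras before:", shell_extras(parse_entries(BEFORE)))
    print("targets still present:", still_present(TARGETS, AFTER))
```

Note that "Unknown owner" alone is not a usable signal here: two of the O23 services with that label are present in both logs and were left alone, so the diff against the named targets is what confirms the fix.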