Full Version: Wfm Exploit
sescovar
Spybot finds something and deletes it, but it returns on reboot.

Following is my HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 5:41:45 PM, on 1/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\kernels64.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AIM\aim.exe
C:\WINDOWS\System32\shellexp.exe
C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WinZip\WZQKPICK.EXE
C:\Zone Labs\ZoneAlarm\zapro.exe
C:\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels64.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Washer\washidx.exe
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Service Manager.norun
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F15679F-75AB-4B96-A08C-472B7DB1A0F2} (03PrepInstall) - https://www.lacertesoftware.com/my_account/...prepinstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CleanService - Unknown owner - C:\FILESH~1\CleanService.exe
O23 - Service: FileCabinet Solution Print Service (FCPrintService) - Creative Solutions - C:\WINDOWS\csifcsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

Thanks

Steve
Bobbi Flekman
Hi Steve,

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions; otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next, go to Control Panel and click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
sescovar
Thanks Bobbi. I have done your routine and got rid of stuff. I, however, was not able to run the Panda Active Scan, so I went through your initial steps a second time.

I was initially encouraged, but based on the new HijackThis Log following, I still have shellexp.exe, which I have **** ***** to highlight below.

Logfile of HijackThis v1.99.1
Scan saved at 5:22:32 PM, on 1/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AIM\aim.exe
C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WinZip\WZQKPICK.EXE
C:\Zone Labs\ZoneAlarm\zapro.exe
C:\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\steve\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Washer\washidx.exe
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl

**** O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en

O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Service Manager.norun
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F15679F-75AB-4B96-A08C-472B7DB1A0F2} (03PrepInstall) - https://www.lacertesoftware.com/my_account/...prepinstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CleanService - Unknown owner - C:\FILESH~1\CleanService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileCabinet Solution Print Service (FCPrintService) - Creative Solutions - C:\WINDOWS\csifcsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe



Missing from my ewido report was a delete of boot.inx when I accidentally restarted the scan


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:01:32 PM, 1/10/2006
+ Report-Checksum: 5AEA63B1

+ Scan result:

C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\10647296.asw -> Spyware.NewDotNet : Ignored
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\10672437.asw -> Spyware.NewDotNet : Ignored
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\11783703.asw -> Spyware.NewDotNet : Ignored
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\11801015.asw -> Spyware.NewDotNet : Ignored
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.41:C:\RECYCLER\NPROTECT\00088012.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\00088012.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\RECYCLER\NPROTECT\00088012.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00088012.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00088012.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00088012.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\RECYCLER\NPROTECT\00088014.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\00088014.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\RECYCLER\NPROTECT\00088014.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.27:C:\RECYCLER\NPROTECT\00088014.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.43:C:\RECYCLER\NPROTECT\00088014.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00088014.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00088014.MOZ -> Spyware.Cookie.Adv
sescovar
Sorry. My last post was cut off.

Following is the important stuff omitted.

:mozilla.18:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\RECYCLER\NPROTECT\00086392.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.13:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\00086642.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP618\A0144302.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP618\A0144303.exe -> Downloader.Tibs.bd : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP618\A0144304.exe -> Trojan.Agent.e : Cleaned with backup


::Report End


Following is the smitRem log file


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 01/10/2006
The current time is: 14:45:43.21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peaco*k@beyondlogic.org
Killing PID 720 'explorer.exe'
Killing PID 720 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)


Is there any hope?


Steve
Bobbi Flekman
Hi sescovar,

QUOTE
Thanks Bobbi.  I have done your routine and got rid of stuff.  I however was not able to run the Panda Active Scan so I went through your initial steps a second time.

I was initially encouraged but based on the new HijackThis Log following I still have shellexp.exe which I have ****        ***** to highlight below.

We're not done for some time to come ;)

You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Service Manager.norun


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Restart your computer in Safe Mode. How do I Safe Boot my computer?

Show hidden files. How do I show hidden files?
At the end of the fix you can return the files to hidden status if you want.

Delete the following files in red (it could be that they are deleted already):

C:\WINDOWS\System32\shellexp.exe

Restart your computer and post a new log in this thread.
sescovar
Thanks Bobbi.

I think we are making progress. But I was unable to delete O4 - Global Startup: Service Manager.norun. Error was: "the program may be in use - Use task manager to shut down". I attempted to locate it in task manager but was not sure what process or application was applicable.

Shellexp.exe was no longer on the system at c:\windows\system32 so I did not delete it.

Following is my most recent HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:01:43 AM, on 1/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Washer\washidx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Service Manager.norun
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F15679F-75AB-4B96-A08C-472B7DB1A0F2} (03PrepInstall) - https://www.lacertesoftware.com/my_account/...prepinstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CleanService - Unknown owner - C:\FILESH~1\CleanService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileCabinet Solution Print Service (FCPrintService) - Creative Solutions - C:\WINDOWS\csifcsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe


I am also including ewido startup and processes logs as of right now



ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on: 9:14:20 AM, 1/11/2006
+ Report-Checksum: D292A713

Reg\HKLM\Run mmtask "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
Reg\HKLM\Run MMTray "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
Reg\HKLM\Run dla C:\WINDOWS\system32\dla\tfswctrl.exe
Reg\HKLM\Run avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Reg\HKCU\Run Sonic RecordNow!
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
Reg\HKLM\RunServicesOnce washindex C:\Washer\washidx.exe
Reg\HKLM\Run ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Reg\HKLM\Run SSBkgdUpdate "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
Reg\HKLM\Run Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
Reg\HKLM\Run PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reg\HKLM\Run LapLink Scheduler "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
Reg\HKLM\Run DVDSentry C:\WINDOWS\System32\DSentry.exe
Reg\HKCU\Run DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
Reg\HKLM\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Reg\HKLM\Run {0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
Reg\HKLM\Run Picasa Media Detector C:\Picasa2\PicasaMediaDetector.exe
Reg\HKLM\Run ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Reg\HKLM\Run ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Reg\HKLM\Run TotalRecorderScheduler "C:\TotalRecorder\TotRecSched.exe"
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Reg\HKLM\Run nwiz nwiz.exe /install
Reg\HKLM\Run PDF Converter Registry Controller "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
Shell\CommonStartup Adobe Reader Speed Launch.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
Shell\CommonStartup America Online 9.0 Tray Icon.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
Shell\CommonStartup AOL Companion.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
Shell\CommonStartup Service Manager.norun C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.norun
Shell\CommonStartup WinZip Quick Pick.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
Shell\CommonStartup ZoneAlarm Pro.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk
Shell\CommonStartup Acrobat Assistant.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk




--------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 9:14:58 AM, 1/11/2006
+ Report-Checksum: BD20AD9A

0: System Process
4: System Process
160: \SystemRoot\System32\smss.exe
212: \??\C:\WINDOWS\system32\csrss.exe
236: \??\C:\WINDOWS\system32\winlogon.exe
280: C:\WINDOWS\system32\services.exe
292: C:\WINDOWS\system32\lsass.exe
296: C:\Program Files\ewido anti-malware\SecuritySuite.exe
456: C:\WINDOWS\system32\svchost.exe
480: C:\WINDOWS\system32\svchost.exe
704: C:\WINDOWS\TSI32\tsircusr.exe
724: C:\WINDOWS\Explorer.EXE
880: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe


Is winlogon.exe above OK? One of your spyware programs removed it yesterday and I have read conflicting info on it.


Thanks.......you have been way too kind

steve
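The check this exchange does by eye, comparing the entries ticked for "Fix checked" against the next HijackThis log, can be scripted. The following is an added example and is not part of any post in this thread; the log lines are copied from the posts above as a short excerpt, and the function names are hypothetical.

```python
import re

# Entries the helper asked to fix (copied from the thread; R1/R0 lines omitted for brevity).
FIX_LIST = r"""
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Service Manager.norun
"""

# Excerpt of the follow-up log posted on 1/11/2006 (copied from the thread, shortened).
FOLLOW_UP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Service Manager.norun
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry line starts with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse runs of whitespace so copy/paste differences do not matter.
            entries.append((match.group(1), " ".join(match.group(2).split())))
    return entries


def entry_key(section, body):
    """Identify an entry by section + CLSID when it has one, else by its text."""
    clsid = CLSID_RE.search(body)
    if clsid:
        return (section, clsid.group(0).lower())
    return (section, body.lower())


def persisting(fix_text, follow_up_text):
    """Entries from the fix list that still appear in the follow-up log."""
    present = {entry_key(s, b) for s, b in parse_entries(follow_up_text)}
    return [f"{s} - {b}" for s, b in parse_entries(fix_text)
            if entry_key(s, b) in present]


def orphaned(log_text):
    """Entries whose target is reported as '(no file)' or '(file missing)'."""
    return [f"{s} - {b}" for s, b in parse_entries(log_text)
            if ORPHAN_RE.search(b)]


if __name__ == "__main__":
    print("Still present after the fix:")
    for line in persisting(FIX_LIST, FOLLOW_UP):
        print("  " + line)
    print("Entries pointing at a missing file:")
    for line in orphaned(FOLLOW_UP):
        print("  " + line)
```
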
Bobbi Flekman
Hi Steve,

QUOTE
I think we are making progress. But I was unable to delete O4 - Global Startup: Service Manager.norun. Error was: "the program may be in use - Use task manager to shut down". I attempted to locate it in task manager but was not sure what process or application was applicable.

We'll get that in another way.

Download Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it. Click on "Delete on Reboot", in the "Full Path of File to Delete" box, enter C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.norun and click on the button with the white cross in a red circle. You will get a question "File will be Deleted on Next Reboot, Process & Reboot now?", answer "Yes". Let Killbox do its work.

QUOTE
Is winlogon.exe above OK? One of your spyware programs removed it yesterday and I have read conflicting info on it.

This Winlogon is good. It is a vital part of the Windows Operating System. But the location of the file should be in the system folder.

Please post a new log from HijackThis.
sescovar
Bobbi

My hijack log is bigger this time. I guess because you did not have me boot into the safe mode this time.

Logfile of HijackThis v1.99.1
Scan saved at 10:54:09 AM, on 1/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AIM\aim.exe
C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL Companion\companion.exe
C:\WinZip\WZQKPICK.EXE
C:\Zone Labs\ZoneAlarm\zapro.exe
C:\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Documents and Settings\steve\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Washer\washidx.exe
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: HotSync Manager.lnk = C:\palmOne\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F15679F-75AB-4B96-A08C-472B7DB1A0F2} (03PrepInstall) - https://www.lacertesoftware.com/my_account/...prepinstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CleanService - Unknown owner - C:\FILESH~1\CleanService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileCabinet Solution Print Service (FCPrintService) - Creative Solutions - C:\WINDOWS\csifcsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe


Thanks

Steve
Bobbi Flekman
Hi Steve,

I only make you boot into Safe Mode to delete files and folders. The rest of the instructions are to be done in Normal Mode, unless stated explicitly.

This log looks clean!

This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall (for example Sygate Personal Firewall, Kerio Personal Firewall or ZoneLabs Zone Alarm), a spyware blocker like SpywareBlaster and also IE-Spyads, and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available. Be very cautious about any security software that advertises in popups or other intrusive ways; they are not only usually useless, but also often have malware in them.

Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

This can be accessed by going to http://windowsupdate.microsoft.com/ and following the prompts. If you are running Windows XP, get updated to SP-2.

Please post back if you are still having any problems....
sescovar
Thanks Bobbi. Your help is greatly appreciated. If I can show my gratitude, please let me know.

In a previous post you responded to my quote below

QUOTE
Is winlogon.exe above ok? One of your spyware programs removed it yesterday and I have read conflicting info on it.

YOUR RESPONSE
This Winlogon is good. It is a vital part of the Windows Operating System. But the location of the file should be in the system folder.

Is this a concern or is it now fixed?

Thanks again

Steve
Bobbi Flekman
Hi Steve,

QUOTE
Is this a concern or is it now fixed?
It is not a concern. The Winlogon you saw is the valid one.

By the way, I saw that you had installed the unofficial patch for the WMF exploit.
QUOTE
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
Since Microsoft has released the official patch I will give you the instructions to get rid of this one and install the Microsoft version.

Step 1. Reboot your system to clear any infected image files from memory.

Step 2. If you installed an early version of MS06-001 that was leaked via some Web sites, run the Add/Remove Programs applet from the Control Panel. Uninstall patch number 912919, which interferes with installation of the official patch.

Step 3. Use Microsoft Update or Windows Update to download and apply MS06-001 and any other patches you may need.

Step 4. Reboot.

Step 5. Uninstall the unofficial Guilfanov patch, by using one of the following methods:

1. On individual PCs, run the Add/Remove Programs applet from the Control Panel. Uninstall the patch entitled "Windows WMF Metafile Vulnerability HotFix";

2. Or, at a command prompt, run the following command:

"C:\Program Files\WindowsMetafileFix\unins000.exe" /SILENT

3. Or, if you used a Microsoft Installer (.msi) file to install the patch on multiple machines, you can uninstall the unofficial patch using this command:

msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn

Step 6. Re-register the Shell Image View Control DLL if you previously deregistered it. (You might have deregistered the DLL using the same command as shown below, but with -u surrounded by spaces after regsvr32). The following command re-registers the DLL. From the Start menu, select Run and then type:

regsvr32 %windir%\system32\shimgvw.dll


Step 7. Optionally, reboot one more time just for good measure. (The Internet Storm Center says this is not required, but doesn't hurt.)
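
An added example, not part of the original posts: a small Python check that reads the O20 AppInit_DLLs line from a HijackThis log and compares a scan taken before the steps above with a rescan taken afterwards. It assumes the rescan no longer lists wmfhotfix.dll once the unofficial patch is uninstalled; the sample logs are constructed from lines in this thread, and the function names are hypothetical.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample in HijackThis 1.99.1 format, using lines from this thread.
LOG_BEFORE = r"""O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
# Constructed: a rescan in which the O20 entry is gone (assumed outcome of Step 5).
LOG_AFTER = r"""O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^(O\d{1,2}|[RFN]\d) - (.*)$")
UNOFFICIAL_PATCH_DLL = "wmfhotfix.dll"  # file name from the thread's O20 line


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis result line, skipping headers."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def appinit_dlls(log_text):
    """Return every DLL path listed in O20 AppInit_DLLs entries."""
    paths = []
    for section, body in parse_entries(log_text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            # The value may hold several DLLs separated by commas or spaces;
            # cutting at each ".dll" keeps paths that contain spaces.
            paths += [p.strip(" ,") for p in re.findall(r".+?\.dll", value, re.I)]
    return paths


def cleanup_report(before, after):
    """Compare two scans and report whether the unofficial patch is still loaded."""
    old, new = appinit_dlls(before), appinit_dlls(after)
    return {
        "removed": [p for p in old if p not in new],
        "remaining": new,
        "hotfix_still_loaded": any(
            basename(p).lower() == UNOFFICIAL_PATCH_DLL for p in new
        ),
    }


if __name__ == "__main__":
    print(cleanup_report(LOG_BEFORE, LOG_AFTER))
```

Any path left under "remaining" is a DLL that Windows still loads into every process linking user32.dll, so each one should be identified before the machine is considered clean.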