Author Topic: Please Help!  (Read 3830 times)
poyndextr
« on: October 11, 2005, 10:02:22 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP Professional
Problem Application Name & Version: Internet Explorer Version 6.0
Problem Hardware Make & Model: Custom Computer Design
Error Messages:




Popups on this PC are nonstop.  If I open Internet Explorer in anything other than safe mode, it will not work.  I have run trendmicro, adaware, and spybot s & d.  I have been successful removing similar problems from two other computers with your help and would appreciate if you could help with this one.  Thank you in advance for your help.  The HijackThis log is as follows:


Logfile of HijackThis v1.99.1
Scan saved at 3:46:55 PM, on 10/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\coaskfr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.quicksearch360.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CDI-Services
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [hqgguq] C:\WINDOWS\System32\hqgguq.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [Tcqgnqoj] C:\Program Files\Yacwza\Elsxjc.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\System32\NEWADP~1.EXE
O4 - HKLM\..\Run: [NEWADP~1] C:\WINDOWS\System32\NEWADP~1.exe
O4 - HKLM\..\Run: [APD123] C:\WINDOWS\System32\APD123.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\dtggai.exe reg_run
O4 - HKLM\..\Run: [mc-58-12-] C:\WINDOWS\System32\mc-58-12-
O4 - HKLM\..\Run: [trnrq] C:\WINDOWS\System32\gypfc\trnrq.exe
O4 - HKLM\..\Run: [envqmq] C:\WINDOWS\System32\aqowxho\envqmq.exe
O4 - HKLM\..\Run: [rplvct] C:\WINDOWS\System32\jjlneyj\rplvct.exe
O4 - HKLM\..\Run: [lklvxwqd] C:\WINDOWS\System32\plvn\lklvxwqd.exe
O4 - HKLM\..\Run: [xgne] C:\WINDOWS\System32\cfaa\xgne.exe
O4 - HKLM\..\Run: [txyompq] C:\WINDOWS\System32\jhbglld\txyompq.exe
O4 - HKLM\..\Run: [pvrve] C:\WINDOWS\System32\kjccoqrm\pvrve.exe
O4 - HKLM\..\Run: [qymakng] C:\WINDOWS\qymakng.exe
O4 - HKLM\..\Run: [cashplusmedia1.exe] C:\WINDOWS\System32\cashplusmedia1.exe
O4 - HKLM\..\Run: [letn] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [llfqcb] C:\WINDOWS\System32\dhsr\llfqcb.exe
O4 - HKLM\..\Run: [6=LE] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [10b0] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Kitfqi.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Gtmkrg.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [ppfzum] C:\WINDOWS\System32\coaskfr.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [fmw] C:\WINDOWS\fmw.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: desktop weather.lnk = Program Files\desktop weather\desktopweather_1253400.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: rauu.exe
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.cnsx.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099502056835
O16 - DPF: {E5F172FE-381A-46A5-BB6B-27681D080088} (DnldCtrlX Control) - http://store.cnsx.com/download/DnldCtrlX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cdi-services.com
O17 - HKLM\Software\..\Telephony: DomainName = cdi-services.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cdi-services.com
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\p68qlgl516q.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe
O23 - Service: envqmqaqowxho - Unknown owner - C:\WINDOWS\System32\aqowxho\envqmq.exe
O23 - Service: llfqcbdhsr - Unknown owner - C:\WINDOWS\System32\dhsr\llfqcb.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dcecyxr.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe

Pancake
« Reply #1 on: October 12, 2005, 08:05:08 AM »

Hi.
You have a bit of a mess so we will start by cleaning the Nail Virus first....

1. Please download, install, and update the free version of Ewido Security Suite:
 
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

Click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido. DO NOT scan yet.

2. Please download this revised installer for the Nailfix utility from Here. DO NOT run it yet.

3. Reboot to Safe Mode

4. Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Next, run Ewido again and click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one.
 If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being.

 When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. Post a new HJT log and the Ewido report.




-----------------------------------------------------------------------------------

Go to Start > Run and type: services.msc and OK. Look for the below service:

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

When you find it, stop it if it is running, double-click on it and change the startup type to Disabled.

Next, go HERE and download SvcProc.reg to your Desktop. Double-click on it to merge it with your Registry and boot into Safe Mode (restart your PC and tap F8 as it restarts) and run Hijack This and check the below entry and click on Fix Checked.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
« Last Edit: October 12, 2005, 08:08:45 AM by Pancake »

An Australian Member of

EDDY
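
Added example, not part of the original thread or any poster's tooling: a small Python triage of HijackThis log lines that flags the two kinds of entry targeted in the reply above (an F2 `Shell=` value that starts more than Explorer.exe, and O23 services listed with "Unknown owner") and checks whether targeted entries still appear in a later log. The sample lines are excerpted from the logs posted in this thread; the function names and reason labels are assumptions of this example.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O23 - Service: ..."
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")  # name - owner - path
SHELL_RE = re.compile(r"Shell=(.*)$", re.IGNORECASE)

# Excerpts from the two HijackThis logs in this thread (not the complete logs).
BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe
"""
AFTER = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe
"""
# The two entries the reply asks to fix, as typed in that reply.
TARGETS = [
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe",
]


def normalize(line):
    """Collapse whitespace runs: the log prints 'Service  (SvcProc)' with two
    spaces while the retyped entry has one, so raw string equality would miss it."""
    return " ".join(line.split())


def parse_log(text):
    """Return [(section, detail)] for every finding line in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(normalize(raw))
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return [(reason, section, detail)] for entries that need a manual look.
    A flag means "review this", not "this is malware": legitimate drivers can
    also show up with an unknown owner."""
    findings = []
    for section, detail in entries:
        if section == "F2":
            shell = SHELL_RE.search(detail)
            if shell:
                tokens = shell.group(1).split()
                # The expected logon shell is Explorer.exe on its own.
                if len(tokens) != 1 or tokens[0].lower() != "explorer.exe":
                    findings.append(("shell-extra-program", section, detail))
        elif section == "O23":
            svc = SERVICE_RE.match(detail)
            if svc and svc.group(2).lower() == "unknown owner":
                findings.append(("service-unknown-owner", section, detail))
        if detail.endswith("(file missing)"):
            # The registry entry survives although its file is gone.
            findings.append(("file-missing", section, detail))
    return findings


def still_present(targets, log_text):
    """Map each targeted entry to True if it still appears in the given log."""
    seen = {f"{section} - {detail}" for section, detail in parse_log(log_text)}
    return {normalize(t): normalize(t) in seen for t in targets}


if __name__ == "__main__":
    for reason, section, detail in triage(parse_log(BEFORE)):
        print(f"[{reason}] {section} - {detail}")
    for entry, present in still_present(TARGETS, AFTER).items():
        print("STILL PRESENT" if present else "cleared      ", entry)
```

Running it against a fresh log after each fix pass shows which targeted entries were actually removed and which need another round.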
poyndextr
« Reply #2 on: October 12, 2005, 03:24:25 PM »

Okay...here is the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:19:31 AM, on 10/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\nksgaf.exe
C:\Computer Maintenance\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.quicksearch360.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CDI-Services
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [hqgguq] C:\WINDOWS\System32\hqgguq.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [Tcqgnqoj] C:\Program Files\Yacwza\Elsxjc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\System32\NEWADP~1.EXE
O4 - HKLM\..\Run: [NEWADP~1] C:\WINDOWS\System32\NEWADP~1.exe
O4 - HKLM\..\Run: [mc-58-12-] C:\WINDOWS\System32\mc-58-12-
O4 - HKLM\..\Run: [trnrq] C:\WINDOWS\System32\gypfc\trnrq.exe
O4 - HKLM\..\Run: [envqmq] C:\WINDOWS\System32\aqowxho\envqmq.exe
O4 - HKLM\..\Run: [rplvct] C:\WINDOWS\System32\jjlneyj\rplvct.exe
O4 - HKLM\..\Run: [lklvxwqd] C:\WINDOWS\System32\plvn\lklvxwqd.exe
O4 - HKLM\..\Run: [xgne] C:\WINDOWS\System32\cfaa\xgne.exe
O4 - HKLM\..\Run: [txyompq] C:\WINDOWS\System32\jhbglld\txyompq.exe
O4 - HKLM\..\Run: [pvrve] C:\WINDOWS\System32\kjccoqrm\pvrve.exe
O4 - HKLM\..\Run: [qymakng] C:\WINDOWS\qymakng.exe
O4 - HKLM\..\Run: [llfqcb] C:\WINDOWS\System32\dhsr\llfqcb.exe
O4 - HKLM\..\Run: [10b0] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Gtmkrg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: desktop weather.lnk = Program Files\desktop weather\desktopweather_1253400.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.cnsx.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099502056835
O16 - DPF: {E5F172FE-381A-46A5-BB6B-27681D080088} (DnldCtrlX Control) - http://store.cnsx.com/download/DnldCtrlX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cdi-services.com
O17 - HKLM\Software\..\Telephony: DomainName = cdi-services.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cdi-services.com
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
O23 - Service: envqmqaqowxho - Unknown owner - C:\WINDOWS\System32\aqowxho\envqmq.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: llfqcbdhsr - Unknown owner - C:\WINDOWS\System32\dhsr\llfqcb.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dcecyxr.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe



...and the ewido log:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         9:18:33 AM, 10/12/2005
 + Report-Checksum:      2D46F806

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{08E05EED-5EE9-11D4-9CAF-00D0B76063FD}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{08E05EEF-5EE9-11D4-9CAF-00D0B76063FD}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{11032FC1-C2F4-11D3-AD67-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{11032FC3-C2F4-11D3-AD67-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{315FFE68-CEBE-11D3-AD70-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{4A0F42B7-A61B-4131-BF41-BF05A2635BFD} -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{4A0F42B7-A61B-4131-BF41-BF05A2635BFD}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{4DB06670-0264-4D2E-94B0-308D67920174}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{4DB06671-0264-4D2E-94B0-308D67920174}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{5DCDE22F-E64F-11D3-AD74-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{767C6798-8354-11D4-AE3A-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{80F1B904-D066-11D3-AD70-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{811689AF-700D-11D3-B376-0800460222F0}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{9D23F1F1-9093-11D3-AD3A-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{9D23F1F9-9093-11D3-AD3A-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{9D23F1FB-9093-11D3-AD3A-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{9DBDD71C-0A7F-48AC-9FFA-E102B3750B9D} -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{9DBDD71C-0A7F-48AC-9FFA-E102B3750B9D}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{BCDDAB73-C3A8-11D3-AD69-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{BCDDAB75-C3A8-11D3-AD69-009027B8ADBC}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956} -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{C3E62835-DDF1-4242-9DD2-7C6C376197C5}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{E88A59EA-085C-44A5-A912-25F7FF7D2AD2}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{E88A59EB-085C-44A5-A912-25F7FF7D2AD2}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{E88A59EC-085C-44A5-A912-25F7FF7D2AD2}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370} -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544} -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544}\TypeLib\\ -> Spyware.CometCursor : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{FF825A39-251F-47AF-949F-E885C4EE4367}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{FF825A3A-251F-47AF-949F-E885C4EE4367}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{FF825A3B-251F-47AF-949F-E885C4EE4367}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{FF825A3C-251F-47AF-949F-E885C4EE4367}\TypeLib\\ -> Spyware.HiWire : Cleaned with backup
   HKLM\SOFTWARE\Classes\NN_Bar_Dummy.NN_BarDummy\CLSID\\ -> Spyware.NetNucleus : Cleaned with backup
   HKLM\SOFTWARE\Classes\NN_Bar_Dummy.NN_BarDummy.1\CLSID\\ -> Spyware.NetNucleus : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetOffers -> Spyware.LZIO : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey -> Spyware.WebHancer : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
   HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
   HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
   HKLM\SOFTWARE\YourSiteBar\Historystring -> Spyware.ISTBar : Error during cleaning
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Error during cleaning
   [1788] C:\WINDOWS\System32\nksgaf.exe -> Trojan.Agent.cp : Cleaned with backup
   C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rauu.exe -> Trojan.Pakes : Cleaned with backup
   C:\Documents and Settings\CHADH\Cookies\chadh@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\CHADH\Local Settings\Temp\aimk.sys -> Trojan.Kolweb.b : Cleaned with backup
   C:\Documents and Settings\CHADH\Local Settings\Temp\D2088\aurora.exe -> Adware.BetterInternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@abetterinternet[3].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@abetterinternet[4].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@abetterinternet[5].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@abetterinternet[6].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@abetterinternet[7].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@ad.yieldmanager[4].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@ad.yieldmanager[5].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@hypertracker[3].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@thunderbolt.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@yieldmanager[5].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Cookies\chrisc@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\60001.exe -> TrojanDownloader.Small.bkr : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\Cookies\chrisc@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\Cookies\chrisc@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\Cookies\chrisc@banner.grandonline[2].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\Cookies\chrisc@grandonline[2].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\Cookies\chrisc@www.grandonline[1].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\f7114730.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\f7179183.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\GLF12GLF12.EXE -> TrojanDownloader.TSUpdate.f : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\i1B7C.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\i1B8A.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\i1B8C.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\i1CD.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\i85E.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\i85F.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\iB94.tmp -> Spyware.SurfSide : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.li : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\nsh_106.exe -> Spyware.Downloadware : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\pcs_0099.exe -> Spyware.Pacer : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\res19.tmp -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\resB95.tmp -> Spyware.180Solutions : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\tm42549.exe -> Trojan.Pakes : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\tm51247.exe -> Trojan.Pakes : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\ts_8_new.exe -> TrojanDownloader.TSUpdate.f : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temp\xv2twh3.sys -> Trojan.Kolweb.e : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temporary Internet Files\Content.IE5\G7GNI9I5\rcverlib[1].exe -> Trojan.Pakes : Cleaned with backup
   C:\Documents and Settings\chrisc\Local Settings\Temporary Internet Files\Content.IE5\OJCLQL6H\trk_0026[1].exe -> Spyware.Pacer : Cleaned with backup
   C:\Documents and Settings\jamesr\Local Settings\Temp\ew4f.sys -> Trojan.Delf.cf : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\016DAN4H\dealhelper[1].exe -> TrojanDownloader.Agent.hw : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\016DAN4H\downloaddll[1].htm -> Spyware.DealHelper : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\016DAN4H\dun[1].exe -> Spyware.DealHelper : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\016DAN4H\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\016DAN4H\sahagent[1].exe -> Adware.SAHA : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\016DAN4H\whCC-GIANT[1].exe/WhAgent.exe -> Spyware.WebHancer : Error during cleaning
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\016DAN4H\ysb_prompt[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0HARW5MN\bridge-c18[1].cab/MediaPassX.dll -> Spyware.WinAD : Error during cleaning
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0HARW5MN\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0HARW5MN\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0HARW5MN\sidefind[1].exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0HARW5MN\uninstaller.prod.21sep2005.exe[1] -> Spyware.SurfAccuracy : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0HARW5MN\ysb[1].dll -> TrojanDownloader.IstBar.lv : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPAJ85QZ\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPAJ85QZ\SAcc.prod.v1112.05oct2005.exe[1] -> Spyware.SurfAccuracy : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPAJ85QZ\sfbho13[1].dll -> Spyware.SideFind : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPAJ85QZ\version[1].exe -> Spyware.DealHelper : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OVOVANI9\876029[1].exe -> Adware.SaveNow : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OVOVANI9\bb[1].exe -> TrojanDownloader.Adload.a : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OVOVANI9\istdownload[1].exe -> TrojanDownloader.IstBar.ma : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OVOVANI9\istrecover[1].exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OVOVANI9\nem220[1].dll -> TrojanDownloader.Dyfuca : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OVOVANI9\sidefind13[1].dll -> Spyware.SideFind : Cleaned with backup
   C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OVOVANI9\ysb_regular[1].cab/ysbactivex.dll -> TrojanDownloader.IstBar : Error during cleaning
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4ukd5egowsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliekdjiaoaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlioidpckoq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlykgazkcqaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyujajghpwidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyujajghpwidj6x9ny-1seq-2-2.stats.esomniture[3].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyujdzsapq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmianczibow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiqndjmeoaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygmdzokpwidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyqjazecpasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyqjazecpasdj6x9ny-1seq-2-2.stats.esomniture[3].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmysjazakpa2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyajc5aapg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnychcpelpqudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycjdzadoasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyckd5elow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycodpocqaudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycodpocqaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycodpocqaudj6x9ny-1seq-2-2.stats.esomniture[4].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygnajadogudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyokazogpgwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyopd5ckowmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysiazeloaydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysiazeloaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysiazeloaydj6x9ny-1seq-2-2.stats.esomniture[3].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysiazeloaydj6x9ny-1seq-2-2.stats.esomniture[4].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysiazeloaydj6x9ny-1seq-2-2.stats.esomniture[5].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysodzwgoqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysodzwgoqmdj6x9ny-1seq-2-2.stats.esomniture[3].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuncpeapgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywiczocow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Cookies\rickm@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywkdpelqq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\RickM\Local Settings\Temporary Internet Files\Content.IE5\NMKBVL8D\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@abetterinternet[3].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   C:\Documents and Settings\ShawnW\Cookies\shawnw@thunderbolt.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   C:\Documents and Settings\susanh\Cookies\susanh@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
   C:\Documents and Settings\susanh\Local Settings\Temporary Internet Files\Content.IE5\MZ8RMFEH\house_list[1].htm -> Spyware.BookedSpace : Cleaned with backup
   C:\Documents and Settings\susanh\Local Settings\Temporary Internet Files\Content.IE5\O3CJULOF\movietickets[1].htm -> Spyware.BookedSpace : Cleaned with backup
   C:\Documents and Settings\timk\Cookies\timk@thunderbolt.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
   C:\Documents and Settings\valeriem\Cookies\valeriem@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Documents and Settings\valeriem\Cookies\valeriem@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\valeriem\Cookies\valeriem@abetterinternet[3].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
   C:\Documents and Settings\valeriem\Cookies\valeriem@ads.trafficvenue[1].txt -> Spyware.Cookie.Trafficvenue : Cleaned with backup
   C:\Documents and Settings\valeriem\Cookies\valeriem@ads19.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
   C:\D
Pancake
Global Moderator
« Reply #3 on: October 13, 2005, 12:45:36 AM »

Hi. You are loaded with spyware. Ewido has done a major cleanup, so now you will have to fix all the ones now. Some of these files and folders may not be there now, so don't worry if you can't find them. Just carry out the instructions below and you should be fine.

It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order they are listed. Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.



Download any of the required programs before attempting to start any of the fixes.


SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

To help clean out Trusted Zones, download and run DELDOMAINS, then double-click to open the DelDomains.inf. To execute the file: right-click and select 'Install' from the menu.


-------------------------------------------------------------------------
Download CCleaner from http://www.ccleaner.com/.
Install it and run it.

Click "Tools" -> "Uninstall"
Select : Command.exe
and click "Delete entry".


--------------------------------------------------------
Files highlighted in BLACK will need to be removed from your hard drive.
Folders that have been highlighted RED will need to be uninstalled.
-----------------------------------------------------------------------

Download and run AboutBuster & CWShredder (check for updates) for a preliminary cleanup first. Some files below may not be present after running the above programs. Full instructions below.


How to setup  AboutBuster version 5

Download AboutBuster

Then unzip all files from the zip folder to a folder or your desktop. Start it and press the OK button. Then hit the update button and a new screen will appear. On that screen press the Check for Updates button.

To scan your machine, press the Start button and then press OK. The program should start scanning. When it is done, press the exit button and reboot. Once rebooted run About:Buster one more time.

This program is updated often so you should always use the built in update feature before you scan with it.


---------------------------------------------------------------------

How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/program files/CWShredder/
Close all browsers
Unzip into same directory
Doubleclick CWSInstall.exe
Click <Check for updates> and let it install all updates
Click <Fix>
Click <Next>
Close CWShredder

----------------------------------------------------------------------

Please start by putting your computer in SAFE MODE.  During reboot, tap the F8 key. Select Safe Mode and then run HJT.
--------------------------------------------------------------


Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc. Tools->Open Uninstall manager

C:\Program Files\webHancer
 C:\Program Files\Media Gateway
 C:\Program Files\SurfAccuracy
C:\Program Files\Yacwza

-----------------------------------------------------------------


Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click End Process for each EXE file  if it is still listed.


C:\WINDOWS\System32\hqgguq.exe
 C:\WINDOWS\msresearch.exe
 C:\Program Files\Yacwza\Elsxjc.exe
 C:\Program Files\SurfAccuracy\SAcc.exe
 C:\WINDOWS\System32\NEWADP~1.EXE
 C:\WINDOWS\System32\mc-58-12-
 C:\WINDOWS\System32\gypfc\trnrq.exe
C:\WINDOWS\System32\aqowxho\envqmq.exe
 C:\WINDOWS\System32\jjlneyj\rplvct.exe
 C:\WINDOWS\System32\plvn\lklvxwqd.exe
 C:\WINDOWS\System32\cfaa\xgne.exe
 C:\WINDOWS\System32\jhbglld\txyompq.exe
 C:\WINDOWS\System32\kjccoqrm\pvrve.exe
 C:\WINDOWS\qymakng.exe
 C:\WINDOWS\System32\dhsr\llfqcb.exe
 C:\WINDOWS\exe82.exe
 C:\WINDOWS\System32\Gtmkrg.exe
C:\Program Files\System Files\System.exe
C:\WINDOWS\System32\Wintab32.exe
 C:\WINDOWS\Nail.exe

-----------------------------------------------------------------


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.quicksearch360.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [hqgguq] C:\WINDOWS\System32\hqgguq.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [Tcqgnqoj] C:\Program Files\Yacwza\Elsxjc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\System32\NEWADP~1.EXE
O4 - HKLM\..\Run: [NEWADP~1] C:\WINDOWS\System32\NEWADP~1.exe
O4 - HKLM\..\Run: [mc-58-12-] C:\WINDOWS\System32\mc-58-12-
O4 - HKLM\..\Run: [trnrq] C:\WINDOWS\System32\gypfc\trnrq.exe
O4 - HKLM\..\Run: [envqmq] C:\WINDOWS\System32\aqowxho\envqmq.exe
O4 - HKLM\..\Run: [rplvct] C:\WINDOWS\System32\jjlneyj\rplvct.exe
O4 - HKLM\..\Run: [lklvxwqd] C:\WINDOWS\System32\plvn\lklvxwqd.exe
O4 - HKLM\..\Run: [xgne] C:\WINDOWS\System32\cfaa\xgne.exe
O4 - HKLM\..\Run: [txyompq] C:\WINDOWS\System32\jhbglld\txyompq.exe
O4 - HKLM\..\Run: [pvrve] C:\WINDOWS\System32\kjccoqrm\pvrve.exe
O4 - HKLM\..\Run: [qymakng] C:\WINDOWS\qymakng.exe
O4 - HKLM\..\Run: [llfqcb] C:\WINDOWS\System32\dhsr\llfqcb.exe
O4 - HKLM\..\Run: [10b0] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Gtmkrg.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O15 - Trusted Zone: http://*.cnsx.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
O23 - Service: envqmqaqowxho - Unknown owner - C:\WINDOWS\System32\aqowxho\envqmq.exe
O23 - Service: llfqcbdhsr - Unknown owner - C:\WINDOWS\System32\dhsr\llfqcb.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dcecyxr.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe



 ---------------------------------------------------------------------------
Open Windows Explorer and delete the following highlighted file/s (or delete the whole folder (Red) if no specific file is given)

 C:\WINDOWS\System32\hqgguq.exe
 C:\WINDOWS\msresearch.exe
 C:\Program Files\Yacwza\Elsxjc.exe
 C:\Program Files\SurfAccuracy\SAcc.exe
 C:\WINDOWS\System32\NEWADP~1.EXE
 C:\WINDOWS\System32\mc-58-12-
 C:\WINDOWS\System32\gypfc\trnrq.exe
C:\WINDOWS\System32\aqowxho\envqmq.exe
 C:\WINDOWS\System32\jjlneyj\rplvct.exe
 C:\WINDOWS\System32\plvn\lklvxwqd.exe
 C:\WINDOWS\System32\cfaa\xgne.exe
 C:\WINDOWS\System32\jhbglld\txyompq.exe
 C:\WINDOWS\System32\kjccoqrm\pvrve.exe
 C:\WINDOWS\qymakng.exe
 C:\WINDOWS\System32\dhsr\llfqcb.exe
 C:\WINDOWS\exe82.exe
 C:\WINDOWS\System32\Gtmkrg.exe
C:\Program Files\System Files\System.exe
 C:\WINDOWS\System32\qlink32.dll
C:\WINDOWS\dcecyxr.exe
C:\WINDOWS\System32\Wintab32.exe
 C:\WINDOWS\Nail.exe

C:\Program Files\webHancer
 C:\Program Files\Media Gateway
 C:\PROGRA~1\VBouncer
 C:\WINDOWS\System32\kjccoqrm
C:\WINDOWS\System32\jhbglld
 C:\WINDOWS\System32\cfaa
C:\WINDOWS\System32\plvn
C:\WINDOWS\System32\jjlney
C:\WINDOWS\System32\aqowxho
 C:\WINDOWS\System32\gypfc
 C:\Program Files\SurfAccuracy
C:\Program Files\Yacwza
C:\PROGRAM FILES\Web Offer
C:\WINDOWS\Y2hyaXNj


------------------------------------------------------------------------
Check that you have carried out all the above steps/fixes, then reboot into Normal Mode and download Cleanup. This will clean out your temporary files.

 
Restart your computer and post a new HijackThis log

« Last Edit: October 13, 2005, 12:54:15 AM by Pancake »

An Australian Member of

EDDY

poyndextr
Full Member
« Reply #4 on: October 13, 2005, 03:58:31 PM »

Okay...I did all of the things that you had suggested and here is the new hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 9:54:03 AM, on 10/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\ccwtup32.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
\Swissel\c$\Program Files\desktop weather\desktopweather_1253400.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Computer Maintenance\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CDI-Services
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll (file missing)
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\System32\ca2.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\sfi2.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: desktop weather.lnk = Program Files\desktop weather\desktopweather_1253400.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099502056835
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O16 - DPF: {E5F172FE-381A-46A5-BB6B-27681D080088} (DnldCtrlX Control) - http://store.cnsx.com/download/DnldCtrlX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cdi-services.com
O17 - HKLM\Software\..\Telephony: DomainName = cdi-services.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cdi-services.com
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Pancake
Global Moderator
« Reply #5 on: October 13, 2005, 11:58:39 PM »


We now need to clean the Nail virus.

-----------------------------------------------

1. Please download this revised installer for the Nailfix utility from Here. DO NOT run it yet.

2. Reboot to Safe Mode

3. Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

-----------------------------------------------------------------------------------

Go to Start > Run and type: services.msc and OK. Look for the below service:

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

When you find it, stop it if it is running, doubleclick on it and change the startup type to Disabled.

Next, go HERE and download SvcProc.reg to your Desktop. Double-click on it to merge it with your Registry, then boot into Safe Mode (restart your PC and tap F8 as it restarts), run Hijack This, check the entries below and click on Fix Checked.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll (file missing)
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\System32\ca2.dll (file missing)
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\sfi2.dll (file missing)
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)

-----------------------------------------------------------
While in safe mode look for and delete these two files if still there

C:\WINDOWS\dinst.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\System32\sfi2.dll

---------------------------------------

Download CCleaner from http://www.ccleaner.com/.
Install it and run it.

Click "Tools" -> "Uninstall"
Select : Command.exe
and click "Delete entry".
---------------------------------

Post a new log when done.

« Last Edit: October 14, 2005, 12:05:22 AM by Pancake »
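The check a helper makes between rounds in this thread, comparing the previous fix list with the next log, as an added Python example (not part of the original posts and not HijackThis's own logic). The sample lines are copied from the Reply #3 fix list and the Reply #4 log above; the function names and the triage hints are assumptions chosen for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# A HijackThis 1.99.1 item line is "<section code> - <free text>", where the
# code is R0-R3, F0-F3 or O1-O23. Headers and process paths do not match.
ITEM_RE = re.compile(r"^\s*([RFO]\d{1,2}) - (.*)$")

# Excerpt of the fix list posted in Reply #3 (copied from this thread).
FIX_LIST_REPLY3 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [hqgguq] C:\WINDOWS\System32\hqgguq.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe
"""

# Excerpt of the log posted in Reply #4 (copied from this thread).
LOG_REPLY4 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""


def parse_hjt(text):
    """Return the item lines of a log (or a pasted fix list) as Entry tuples.

    Runs of whitespace are collapsed so that the same entry compares equal
    whether it comes from a raw log or was retyped into a forum post."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def still_present(fix_list, next_log):
    """Entries from the fix list that show up again in the following log."""
    remaining = set(parse_hjt(next_log))
    out = []
    for entry in parse_hjt(fix_list):
        if entry in remaining and entry not in out:
            out.append(entry)
    return out


def triage(entries):
    """Attach review hints to entries. The hints are assumptions drawn from
    the kinds of lines selected in this thread, not verdicts."""
    flagged = []
    for e in entries:
        reasons = []
        shell = re.search(r"shell=(.*)$", e.body, re.IGNORECASE)
        if e.code == "F2" and shell and shell.group(1).strip().lower() != "explorer.exe":
            reasons.append("shell value starts more than Explorer.exe")
        if "(file missing)" in e.body:
            reasons.append("registered file is missing")
        if e.code == "O23" and "- Unknown owner -" in e.body:
            reasons.append("service owner is unknown")
        if e.code == "O16":
            source = e.body.rsplit(" - ", 1)[-1].lower()
            if not source.startswith(("http://", "https://")):
                reasons.append("download source is not a plain http(s) URL")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    print("Fixed in Reply #3 but back in the Reply #4 log:")
    for e in still_present(FIX_LIST_REPLY3, LOG_REPLY4):
        print("  %s - %s" % e)
    print("Entries worth a second look in the Reply #4 log:")
    for e, reasons in triage(parse_hjt(LOG_REPLY4)):
        print("  %s - %s  [%s]" % (e.code, e.body, "; ".join(reasons)))
```

The `[Dinst]` Run entry carries no textual marker, so hints like these do not replace a helper's knowledge of known-bad names; they only narrow the list to review.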
poyndextr
Full Member
« Reply #6 on: October 14, 2005, 03:09:47 PM »

When I went to delete the three files: dinst.exe, nail.exe, and sfi2.dll...they were not there.  Command.exe was also not there when I went to uninstall it in ccleaner.  I also tried to disable this: O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe, but when I double-click on the only thing I can find that resembles it (System Startup Service), I get a missing file error and can do nothing with it.  The following is the new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:01:35 AM, on 10/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ccwtup32.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
\Swissel\c$\Program Files\desktop weather\desktopweather_1253400.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Computer Maintenance\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CDI-Services
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: desktop weather.lnk = Program Files\desktop weather\desktopweather_1253400.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099502056835
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O16 - DPF: {E5F172FE-381A-46A5-BB6B-27681D080088} (DnldCtrlX Control) - http://store.cnsx.com/download/DnldCtrlX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cdi-services.com
O17 - HKLM\Software\..\Telephony: DomainName = cdi-services.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cdi-services.com
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

Pancake
« Reply #7 on: October 15, 2005, 12:03:46 AM »

That's all looking better. Just run HJT and fix these items, and see if you can find and delete the (red) folder if it's there.

O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe

C:\WINDOWS\Y2hyaXNj

An Australian Member of

EDDY
poyndextr
« Reply #8 on: October 15, 2005, 06:39:54 PM »

I ran hjt and fixed the two items that you said to.  I also went to delete the file you said to, but it wasn't there.  Afterwards, I ran hjt again and it looks like one of the files that I fixed is still in the scan.

Logfile of HijackThis v1.99.1
Scan saved at 12:36:54 PM, on 10/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ccwtup32.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
\Swissel\c$\Program Files\desktop weather\desktopweather_1253400.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Computer Maintenance\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CDI-Services
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [winshost.exe] C:\WINNT\system32\winshost.exe
O4 - Startup: desktop weather.lnk = Program Files\desktop weather\desktopweather_1253400.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099502056835
O16 - DPF: {E5F172FE-381A-46A5-BB6B-27681D080088} (DnldCtrlX Control) - http://store.cnsx.com/download/DnldCtrlX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cdi-services.com
O17 - HKLM\Software\..\Telephony: DomainName = cdi-services.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cdi-services.com
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

Pancake
« Reply #9 on: October 16, 2005, 12:27:14 AM »

Run Adaware...

How to setup Ad-Aware

Download Ad-Aware
Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/
Double-click aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory.
Open AdAware from Start | Programs | Lavasoft | AdAware.
Select <Check for updates now>, <Proceed>
After installation, run the program and click the start button. Then click the next button. This lets Ad-Aware scan your computer.
After Ad-Aware is done running, hit the next button. Then right-click the area with the listed spyware objects. Choose the "Select all objects" option.
At this point all the boxes next to the items should be checked. Then hit the next button.
It will ask if you want to delete the selected objects. Hit the Okay button.
Now most of the spyware should have been deleted from your hard drive.

----------------------------------------------------------------------

Would you go into safe mode and run Ewido...

Update to the latest definition files. On the left of the main screen click Update. Then click on Start Update. Let it complete the updates.

Now click on Scanner and click on Complete System Scan and the scan will start.

During some scans it may find cases of false positives, so you will need to step through the process of cleaning files one by one.

If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'
 
If you are unsure of any entry found play safe and select None as the action.
----------------------------------------------------------

* Go to Start > Run and copy and paste the next command into the field:

sc delete cmdService

Click OK


--------------------------------------------------------
When all of the above have been done, run HJT and then fix these items.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
O4 - HKCU\..\Run: [winshost.exe] C:\WINNT\system32\winshost.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)

C:\WINNT\system32\winshost.exe <-- delete this file
« Last Edit: October 16, 2005, 12:33:11 AM by Pancake »

An Australian Member of

EDDY
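
Added example (not part of the original thread and not any poster's code): a small Python parser for HijackThis entry lines that compares the Reply #6 and Reply #8 logs against the Reply #7 fix list, showing which fixed items are gone, which are still in the scan, which entries are new, and which point at a missing file. The log excerpts are copied from those posts; the function names and result keys are assumptions made for this example.

```python
import re

# HijackThis entry lines read "<section code> - <detail>"; the codes are
# R0-R3, F0-F3, N1-N4 and O1 upward. Headers and process paths do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Trailing status HijackThis appends when the target is absent from disk.
STATUS_RE = re.compile(r"\s*\((file missing|no file)\)\s*$")

def parse_hjt(text):
    """Map each entry line (status suffix stripped) to its status or None."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue  # log header, "Running processes:" list, blank line
        status = STATUS_RE.search(line)
        entries[STATUS_RE.sub("", line)] = status.group(1) if status else None
    return entries

def compare(before, after, fix_list):
    """Classify entries across two scans (hypothetical helper for this example)."""
    b, a, f = parse_hjt(before), parse_hjt(after), parse_hjt(fix_list)
    return {
        "fixed": sorted(k for k in f if k not in a),          # on fix list, gone
        "still_present": sorted(k for k in f if k in a),      # on fix list, back
        "new": sorted(k for k in a if k not in b),            # appeared since
        "target_missing": sorted(k for k, s in a.items() if s),
    }

# Excerpts copied from the logs in Reply #6 and Reply #8 (not the full logs).
REPLY6 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
"""
REPLY8 = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKCU\..\Run: [winshost.exe] C:\WINNT\system32\winshost.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)
"""
# The two items listed in Reply #7 (the O23 line there has no status suffix).
FIX_LIST = r"""
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe
"""

if __name__ == "__main__":
    for label, items in compare(REPLY6, REPLY8, FIX_LIST).items():
        print(label)
        for item in items:
            print("   ", item)
```

Stripping the "(file missing)" suffix before comparing is what lets the O23 line from the fix list match the same service entry in the later scan.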
poyndextr
« Reply #10 on: October 17, 2005, 03:24:08 PM »

The C:\WINNT\system32\winshost.exe file was not present.  Neither were the following (in hjt log):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hyaXNj\command.exe (file missing)

After doing all of the things you had requested, I ran hjt again.  Here is the new logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:18:25 AM, on 10/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ccwtup32.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
\Swissel\c$\Program Files\desktop weather\desktopweather_1253400.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Computer Maintenance\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CDI-Services
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: desktop weather.lnk = Program Files\desktop weather\desktopweather_1253400.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Start Network Scanner Tool.lnk = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099502056835
O16 - DPF: {E5F172FE-381A-46A5-BB6B-27681D080088} (DnldCtrlX Control) - http://store.cnsx.com/download/DnldCtrlX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cdi-services.com
O17 - HKLM\Software\..\Telephony: DomainName = cdi-services.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cdi-services.com
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

Pancake
« Reply #11 on: October 18, 2005, 12:22:44 AM »

Well done, good job. That's all looking fine; your log is now clean.

Please use this as Your Guide to Spyware Prevention and use the tools provided.

An Australian Member of

EDDY
poyndextr
« Reply #12 on: October 18, 2005, 04:09:06 PM »

thanks pancake!  you're the man!