SpyQuake/Adware.purityscan [smitfraud]



NumberFour
2006-07-14, 20:44
Hey guys. Got this nasty little thing and immediately began your instructions on how to remove it. For the most part I don't get those popups from my taskbar, nor the wheelchair dude, but I do get my Norton Antivirus and Ewido Anti Spyware popping up saying that it has found Adware.PurityScan in the location of

c:\Windows\system32\wuauboot.dll


I tell it to clean and quarantine but both programs just keep popping up with the same text. Here are my reports after following your instructions.


---------------------------------------------------------

NumberFour
2006-07-14, 20:46
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:15:10 PM 7/14/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\1xag6y2n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\1xag6y2n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.343:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.449:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.70:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.71:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.78:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.15:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.16:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.68:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.6:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\1xag6y2n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\1xag6y2n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\1xag6y2n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.119:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.460:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.461:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.418:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.419:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.10:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\1xag6y2n.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.14:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.9:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\1xag6y2n.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.13:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.328:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.329:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.330:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.331:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.332:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.351:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.445:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.43:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.44:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

NumberFour
2006-07-14, 20:46
:mozilla.45:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.284:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.95:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.307:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.338:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.339:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.340:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.353:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.354:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.355:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.356:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.132:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.138:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.139:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.140:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.141:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.142:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.197:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.198:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.199:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.200:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.202:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.205:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.207:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.208:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.210:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.211:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.213:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.214:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.217:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.218:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.219:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.220:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.221:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.222:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.223:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.224:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.225:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.226:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.227:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.228:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.229:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.230:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.231:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.232:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.233:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.234:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.235:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.236:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.237:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.238:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.288:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.289:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.290:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.291:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.31:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.32:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.91:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.92:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.93:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.94:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.394:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.395:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.396:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.397:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.398:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.399:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.400:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.401:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.326:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.327:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.386:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.73:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.74:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.75:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\skf8qylz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

NumberFour
2006-07-14, 20:47
SmitFraudFix v2.70

Scan done at 0:04:25.09, Fri 07/14/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\pmnqguh.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismon.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

----------------------------------------------------------------------

NumberFour
2006-07-14, 20:48
Logfile of HijackThis v1.99.1
Scan saved at 12:31:02 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\82c0aef9.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{10A24B3F-088C-1033-1115-050507190001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\HP_ADM~1\MYDOCU~1\SSTEM~1\ntvdm.exe
C:\PROGRA~1\COMMON~1\ASEMBL~1\ANREGW~1.EXE
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [82c0aef9.exe] C:\WINDOWS\system32\82c0aef9.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\HP_ADM~1\MYDOCU~1\SSTEM~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Unath] C:\PROGRA~1\COMMON~1\ASEMBL~1\ANREGW~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [82c0aef9.exe] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\82c0aef9.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuauboot.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

NumberFour
2006-07-15, 00:32
Went into my Add/Remove Programs program and deleted the stuff that said OIN etc. I haven't had a problem since. I guess now if you could read over the reports, could you please tell me if there is anything else I need to get rid of or do.

NumberFour
2006-07-15, 00:39
I also just found this program TClock in my taskbar. It has changed my clock settings to military time, and I have never installed it. There is no TClock program in my Add/Remove Programs, however, there is a c:\Program Files\TClock folder.

LonnyRJones
2006-07-18, 18:13
Welcome

Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it getsamples.bat > file types *all files*> and save it to desktop.




@echo off
::attrib -h "%AppData%"
attrib -h -s "C:\PROGRA~1\COMMON~1\ASEMBL~1\*.*"
attrib -h -s "C:\DOCUME~1\HP_ADM~1\MYDOCU~1\SSTEM~1\*.*"
attrib -h -s "C:\WINDOWS\system32\wuauboot.dll"
md %systemdrive%\!submits
for /F "tokens=1,2,3,4 delims=:." %%a in ('echo %time%') do set t=%%a-%%b-%%c-%%d
MD "%systemdrive%\!submits\%t%"
move /y "C:\PROGRA~1\COMMON~1\ASEMBL~1" "%systemdrive%\!submits\%t%\"
for /F "tokens=1,2,3,4 delims=:." %%a in ('echo %time%') do set t=%%a-%%b-%%c-%%d
MD "%systemdrive%\!submits\%t%"
move /y "C:\DOCUME~1\HP_ADM~1\MYDOCU~1\SSTEM~1" "%systemdrive%\!submits\%t%\"
move /y "C:\WINDOWS\system32\wuauboot.dll" %systemdrive%\!submits\
::attrib +h "%AppData%"


Run getsamples.bat



Download Pocket Killbox to the desktop (version 2.0.0.648)
http://www.downloads.subratam.org/KillBox.exe
If you already have Killbox, ensure it is the latest version.
Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
Copy this whole list into the windows clipboard, all the Bolded below.

C:\WINDOWS\system32\82c0aef9.exe
C:\Program Files\Common Files\{10A24B3F-088C-1033-1115-050507190001}\Update.exe
C:\Program Files\TClock\TClock.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\82c0aef9.exe
C:\Program Files\TClock\tclock_install.exe
C:\WINDOWS\SYSTEM32\winxtx32.dll


Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt to restart the pc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Once Windows has completely loaded

Start HijackThis and place a check next to these items, if there.
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [82c0aef9.exe] C:\WINDOWS\system32\82c0aef9.exe
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\HP_ADM~1\MYDOCU~1\SSTEM~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Unath] C:\PROGRA~1\COMMON~1\ASEMBL~1\ANREGW~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [82c0aef9.exe] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\82c0aef9.exe

O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuauboot.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
====================================
Hit fix checked and close HijackThis. (Not to worry about a HijackThis error.)
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Manually delete these folders

C:\Program Files\ToolBar888
C:\Program Files\TClock

Zip up and Send this entire folder to me please c:\!submits
Send to lonnyATsubratam.org
Replace AT with @ and include a link back to this thread.


Post back with another new hijackthis log, be sure to mention any problems.
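
An added example, not part of the original post and not HijackThis's own code: a small triage pass over HijackThis log lines that flags the kinds of autostart entries selected in the fix list above. The names `triage`, `RULES` and `SAMPLE_LOG` are hypothetical, and the rules are assumptions drawn from traits those entries share, so a hit means "review this", not "malicious".

```python
import re

# Entries copied from the HijackThis logs in this thread (fix list plus clean log).
SAMPLE_LOG = r"""
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [82c0aef9.exe] C:\WINDOWS\system32\82c0aef9.exe
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\HP_ADM~1\MYDOCU~1\SSTEM~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wuauboot.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")  # code - kind: detail
USER_PROFILE = re.compile(r"\\(DOCUME~1|Documents and Settings)\\", re.I)
HEX_EXE = re.compile(r"\\[0-9a-f]{8}\.exe", re.I)

# Review heuristics: assumptions made for this example, not the helper's stated method.
RULES = [
    ("file missing", lambda code, detail: detail.endswith("(file missing)")),
    ("DLL load point (AppInit_DLLs / Winlogon Notify)",
     lambda code, detail: code == "O20"),
    ("hex-named executable", lambda code, detail: bool(HEX_EXE.search(detail))),
    ("autostart from user profile",
     lambda code, detail: code == "O4" and bool(USER_PROFILE.search(detail))),
]

def triage(log_text):
    """Return (code, kind, detail, reasons) for every entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header, process list or blank line
        code, kind, detail = match.groups()
        reasons = [name for name, test in RULES if test(code, detail)]
        if reasons:
            findings.append((code, kind, detail, reasons))
    return findings

if __name__ == "__main__":
    for code, kind, detail, reasons in triage(SAMPLE_LOG):
        print(f"{code} {kind}: {detail}\n    review: {', '.join(reasons)}")
```

The Norton, ctfmon and SAVScan lines pass through unflagged, which is the point of running the same rules over both the infected and the clean log.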

NumberFour
2006-07-18, 20:41
Logfile of HijackThis v1.99.1
Scan saved at 12:39:14 PM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe




Most of the problems seem to have stopped. I'm just worried now that I may have some security issues or something. I have had Norton Antivirus pop up a few times saying it has caught new Trojans and stuff, but it seems to delete them every time. But that was before you had me take these steps. Do I have any more security issues to worry about?

LonnyRJones
2006-07-18, 21:21
Thanks for sending that
Unfortunately it was empty, your AV program probably deleted the files, that's OK.
Go ahead and delete the !submits folder and zip

Let me know of any problems over the next few days. In the meantime, post a report from a free online scan.

Don't depend on any one antivirus program; go get preferably two free online scans
Now and weekly or bi-weekly
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click save as text and post that in your reply.

tashi
2006-07-24, 09:18
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.

Thank you Lonny