
Thread: NewDotNet & Winfixer - can't get rid of them

  1. #1
    Member
    Join Date
    Mar 2006
    Posts
    32

    NewDotNet & Winfixer - can't get rid of them

    Thanks for looking at this. NewDotNet shows up on S&D scan, but does not get fixed even after restarting as instructed. I've tried several possible fixes that I found on the web including the uninstall on NDN website. Nothing has worked. At the same time, LS Ad-Aware reboots computer when 1st critical object shows up. I was able to stop the scan to see that it was WINFIXER before it rebooted. Computer crawls from application to application now. Web pages stall periodically. I'm a novice and don't know what to do now. I updated S&D and LS A-A before running HijackThis. Thanks for any help you can give!
    Logfile of HijackThis v1.99.1
    Scan saved at 6:58:00 PM, on 4/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\rss.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (disabled by BHODemon)
    O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\vtstu.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\vtstt.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (disabled by BHODemon)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LVDN] C:\WINDOWS\LVDN.exe
    O4 - HKLM\..\Run: [secsrvrc] C:\WINDOWS\System32\secsrvrc.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [RpcSubSystem] C:\WINDOWS\system32\rss.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\OJML6XML\WinAntiSpyware2006FreeInstall[1].exe" -nag
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pwiarq.exe reg_run
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
    O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: ConferenceRoom Java Client - http://glass.webmaster.com:8000/java/cr.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: vtstt - vtstt.dll (file missing)
    O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll
    O20 - Winlogon Notify: winres32 - C:\WINDOWS\SYSTEM32\winres32.dll
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: SMX regulator (Windows SMX) - Unknown owner - C:\WINDOWS\winsmx.exe (file missing)
    Last edited by tashi; 2006-04-03 at 04:08. Reason: Moved to malware removal from Spybot forum, no hjt logs.

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Sorry for the delay
    If you're not being assisted at another forum:
    Please download VundoFix.exe to your desktop.
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Wait two minutes, then turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HiJackThis log.

  3. #3
    Member
    Join Date
    Mar 2006
    Posts
    32

    NDN & WinFixer help result1

    Thank you, Lonny. Here are the results of VundoFix & HijackThis:

    C:\WINDOWS\system32\vtstt.dll
    C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.bak2
    C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\utstv.tmp
    C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstb.bak2
    C:\WINDOWS\system32\utstv.tmp
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\utstv.bak2
    C:\WINDOWS\system32\utstv.tmp
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini2
    C:\WINDOWS\system32\vtstu.dll

    Logfile of HijackThis v1.99.1
    Scan saved at 5:49:00 PM, on 4/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\SYSTEM32\RSS.EXE
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE
    C:\PROGRAM FILES\MSN\MSNIA\CC\MSNCC\MSNCC.EXE
    C:\PROGRAM FILES\MSN\MSNIA\CC\MSNCC\WA\MSNACCEL.EXE
    C:\hijackthis\HijackThis.exe
    C:\hijackthis\HijackThis.exe
    C:\hijackthis\HijackThis.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (disabled by BHODemon)
    O2 - BHO: (no name) - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (disabled by BHODemon)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LVDN] C:\WINDOWS\LVDN.exe
    O4 - HKLM\..\Run: [secsrvrc] C:\WINDOWS\System32\secsrvrc.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [RpcSubSystem] C:\WINDOWS\system32\rss.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\OJML6XML\WinAntiSpyware2006FreeInstall[1].exe" -nag
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pwiarq.exe reg_run
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
    O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: ConferenceRoom Java Client - http://glass.webmaster.com:8000/java/cr.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E40B955-332F-49BE-9B6B-E30793DA6E0F}: NameServer = 198.6.100.218 198.6.1.218
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: vtstt - vtstt.dll (file missing)
    O20 - Winlogon Notify: winres32 - C:\WINDOWS\SYSTEM32\winres32.dll
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: SMX regulator (Windows SMX) - Unknown owner - C:\WINDOWS\winsmx.exe (file missing)

    Next step?
    Oscar

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    In Add/Remove Programs, uninstall WINFIXER if listed.
    Optional uninstalls:
    Uninstall any MyWebSearch programs.
    Uninstall any Viewpoint programs.

    Turn off Spybot's TeaTimer and the BigFix program for now.

    Open a command prompt (Start > Run, type cmd, press Enter) and type
    sc delete "Windows SMX"
    press Enter, then type exit and press Enter to exit the command prompt.

    Start HijackThis and place a check next to these items if they are there.
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - (no file)
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - (no file)
    O4 - HKLM\..\Run: [LVDN] C:\WINDOWS\LVDN.exe
    O4 - HKLM\..\Run: [secsrvrc] C:\WINDOWS\System32\secsrvrc.exe
    O4 - HKLM\..\Run: [RpcSubSystem] C:\WINDOWS\system32\rss.exe
    O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\OJML6XML\WinAntiSpyware2006FreeInstall[1].exe" -nag
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pwiarq.exe reg_run
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    ====================================
    Hit Fix checked and close HijackThis.

    Download Pocket Killbox to the desktop
    http://www.downloads.subratam.org/KillBox.exe
    If you already have Killbox, what version is it?
    Start Killbox, place a tick next to [x]Delete on reboot, and press the ALL Files button.
    Copy this whole list into the Windows clipboard, all the bolded below.

    C:\WINDOWS\SYSTEM32\winres32.dll
    C:\WINDOWS\LVDN.exe
    C:\WINDOWS\System32\secsrvrc.exe
    C:\WINDOWS\system32\rss.exe
    C:\WINDOWS\winsmx.exe

    Back in Killbox, go to File > Paste from Clipboard.
    Click the red highlighted X button and say yes to the prompt to restart the PC.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Post a fresh HijackThis log please.

  5. #5
    Member
    Join Date
    Mar 2006
    Posts
    32

    NewDotNet & WinFixer continued

    Lonny - Tasks accomplished. Here's the current HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:57:10 AM, on 4/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\PROGRAM FILES\MSN\MSNIA\CC\MSNCC\MSNCC.EXE
    C:\PROGRAM FILES\MSN\MSNIA\CC\MSNCC\WA\MSNACCEL.EXE
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

    http=127.0.0.1:9022
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1

    \SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN

    Apps\ST\01.03.0000.1005\en-xu\stmain.dll (disabled by BHODemon)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

    Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft

    Money\System\mnyviewer.dll (disabled by BHODemon)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN

    Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006

    \pccguide.exe"
    O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\Julie\Local

    Settings\Temporary Internet Files\Content.IE5\OJML6XML\WinAntiSpyware2006FreeInstall[1].exe" -

    nag
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Update Page Content - C:\Program

    Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
    O8 - Extra context menu item: View All Originals On Page - C:\Program

    Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: View Original Image - C:\Program

    Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program

    Files\ICQ\ICQ.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32

    \Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

    Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: ConferenceRoom Java Client - http://glass.webmaster.com:8000/java/cr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E40B955-332F-49BE-9B6B-E30793DA6E0F}: NameServer =

    198.6.100.218 198.6.1.218
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: vtstt - vtstt.dll (file missing)
    O20 - Winlogon Notify: winres32 - winres32.dll (file missing)
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32

    \PackethSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. -

    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. -

    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1

    \INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1

    \INTERN~1\tmproxy.exe

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Hi

    Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
    Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
    Code:
    REGEDIT4
     
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NI.UWAS6_0001_N68M2301"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtstt]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winres32]
    Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.
    Restart your PC.

    Post another HijackThis log, this time try turning on wordwrap so the formatting stays the same.

    Post a report from one or both of these free online scans
    Panda ActiveScan-Free online scanner,
    http://www.pandasoftware.com/products/activescan.htm
    Do a full scan > Click the my computer button
    After the scan click see report then Save the report and post it back here please.
    Kaspersky Lab - Free Online scan:
    http://www.kaspersky.com/virusscanner
    Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
    Then choose: my computer: scan all your hard drives and mapped disks.
    when finished click save as text and post that in your reply.

  7. #7
    Member
    Join Date
    Mar 2006
    Posts
    32

    NewDotNet & WinFixer Part 1

    Lonny - Done. Here are the log & reports:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:37:39 PM, on 4/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\PROGRAM FILES\MSN\MSNIA\CC\MSNCC\MSNCC.EXE
    C:\PROGRAM FILES\MSN\MSNIA\CC\MSNCC\WA\MSNACCEL.EXE
    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (disabled by BHODemon)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (disabled by BHODemon)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
    O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: ConferenceRoom Java Client - http://glass.webmaster.com:8000/java/cr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E40B955-332F-49BE-9B6B-E30793DA6E0F}: NameServer = 198.6.100.218 198.6.1.218
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    I ran the Panda scan, but it's too much volume to send. It will follow shortly as Part 2. Sorry.
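
The before/after comparison the helper makes by eye on each new HijackThis log, as an added example that is not part of the original thread: it parses the `code - detail` entry lines, rejoins hard-wrapped entries like those in post #5, flags orphaned entries, and confirms that targeted entries are gone from the follow-up log. The function and class names are hypothetical; the sample lines are excerpted from the logs posted above.

```python
import re
from dataclasses import dataclass

# An entry line starts with a section code (R1, O4, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
# HijackThis marks entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str    # section code, e.g. "O4" (autorun) or "O20" (Winlogon Notify)
    detail: str  # everything after "<code> - "

    @property
    def key(self):
        # Comparison key: lowercased with all whitespace removed, so a
        # hard-wrapped copy of an entry equals its unwrapped copy.
        return (self.code, re.sub(r"\s+", "", self.detail).lower())

    @property
    def orphaned(self):
        return bool(ORPHAN_RE.search(self.detail))


def parse_log(text):
    """Return the entries of a HijackThis log, rejoining wrapped lines.

    Header and "Running processes" lines precede the first entry and are
    skipped. After the first entry, any non-entry line is treated as the
    continuation of the previous entry.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            if current:
                entries.append(Entry(*current))
            current = [m.group(1), m.group(2)]
        elif current:
            # Display join only; the comparison key ignores whitespace.
            sep = "" if line.startswith("\\") else " "
            current[1] += sep + line
    if current:
        entries.append(Entry(*current))
    return entries


def diff_logs(before, after):
    """Entries removed from, and newly added to, the later log."""
    before_keys = {e.key for e in before}
    after_keys = {e.key for e in after}
    removed = [e for e in before if e.key not in after_keys]
    added = [e for e in after if e.key not in before_keys]
    return removed, added


def still_present(targets, log):
    """Targeted entries that the given log still contains."""
    keys = {e.key for e in log}
    return [t for t in targets if t.key in keys]


# Excerpt of the hard-wrapped log from post #5 (before the registry fix).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006

\pccguide.exe"
O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\Julie\Local

Settings\Temporary Internet Files\Content.IE5\OJML6XML\WinAntiSpyware2006FreeInstall[1].exe" -

nag
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtstt - vtstt.dll (file missing)
O20 - Winlogon Notify: winres32 - winres32.dll (file missing)
"""

# Excerpt of the log from post #7 (after the registry fix).
AFTER = r"""O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# The three entries the fix in post #6 was meant to remove, unwrapped.
TARGETS = r"""O4 - HKLM\..\Run: [NI.UWAS6_0001_N68M2301] "C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\OJML6XML\WinAntiSpyware2006FreeInstall[1].exe" -nag
O20 - Winlogon Notify: vtstt - vtstt.dll (file missing)
O20 - Winlogon Notify: winres32 - winres32.dll (file missing)
"""

if __name__ == "__main__":
    before, after, targets = map(parse_log, (BEFORE, AFTER, TARGETS))
    removed, added = diff_logs(before, after)
    for e in removed:
        print("removed:", e.code, "-", e.detail)
    for e in added:
        print("new:", e.code, "-", e.detail)
    for e in still_present(targets, after):
        print("STILL PRESENT:", e.code, "-", e.detail)
```
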

  8. #8
    Member
    Join Date
    Mar 2006
    Posts
    32

    NewDotNet & WinFixer Part 2

    From Panda:


    Incident Status Location

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRAM FILES\MSN MESSENGER\RICHED20.dll
    Adware:adware/gator Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\bundle.inf
    Adware:adware/keenvalue Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\IncrediFindBHOLog.tmp
    Adware:adware/sqwire Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\tsinstall_4_0_3_1.exe
    Adware:adware/deskwizz Not disinfected C:\WINDOWS\SYSTEM32\ad.html
    Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINDOWS\SYSTEM32\f3PSSavr.scr
    Adware:adware/comet Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\cc.inf
    Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
    Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Julie\Application Data\tvmknwrd.dll
    Spyware:spyware/apropos Not disinfected C:\contextplus.exe
    Spyware:spyware/searchcentrix Not disinfected C:\WINDOWS\adrsb.exe
    Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\adtech2006.exe
    Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\bargain2.exe
    Adware:adware/ncase Not disinfected C:\WINDOWS\msbbi.exe
    Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
    Adware:adware/sidesearch Not disinfected C:\PROGRAM FILES\Lycos
    Adware:adware/wintools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\msiein
    Adware:adware/vaultsearch Not disinfected C:\PROGRAM FILES\COMMON FILES\VCClient
    Adware:adware/downloadware Not disinfected Windows Registry
    Potentially unwanted tool:application/winantispyware2006 Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\WINANTISPYWARE 2006 SCANNER
    Spyware:spyware/virtumonde Not disinfected Windows Registry
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Julie\Cookies\julie@statcounter[1].txt
    Virus:Trj/VB.KN Not disinfected C:\31567.exe
    Adware:Adware/DollarRevenue Not disinfected C:\4252.exe
    Adware:Adware/DollarRevenue Not disinfected C:\462.exe
    Virus:Trj/Agent.AWK Not disinfected C:\contextplus.exe
    Spyware:Cookie/Centralmedia Not disinfected C:\Documents and Settings\Friend\Cookies\friend@centralmedia[1].txt
    Spyware:Cookie/go Not disinfected C:\Documents and Settings\Friend\Cookies\friend@go[1].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Friend\Cookies\friend@rightmedia[1].txt
    Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Friend\Local Settings\Temp\saveinstwm.exe
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Friend\Local Settings\Temp\~363009.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Friend\Local Settings\Temp\~566777.tmp
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Julie\Cookies\julie@statcounter[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@ad.yieldmanager[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@atwola[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@belnk[1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@burstnet[2].txt
    Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@c.enhance[1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@com[1].txt
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@ct.360i[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@dist.belnk[2].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@i.screensavers[2].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@rightmedia[2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Cookies\julie@www.burstbeacon[1].txt
    Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\PccMsi\backup\T\60204000.DAT
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\temp.fr9A56\common.dll
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\temp.fr9A56\TBPS.exe
    Adware:Adware/SearchWWW Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\temp.fr9A56\Update\toolbar.dll
    Adware:Adware/TVMedia Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\Tvm.upd
    Don't know what the deal is! Part 3 to follow. I hope.

  9. #9
    Member
    Join Date
    Mar 2006
    Posts
    32

    Default NewDotNet & WinFixer Part 3

    2nd half of Panda scan:

    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~311142.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~341875.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~348716.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~357445.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~365063.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~377593.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~379563.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~379737.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~399579.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~407990.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~427772.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~483016.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~485747.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~501555.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~504128.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~514687.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~527434.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~549571.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~556961.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~589044.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~641485.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~670198.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~702405.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~756531.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~770923.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~795155.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~795204.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~822387.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~824373.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~861565.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~908901.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~918897.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~938291.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~954878.tmp
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Julie\Local Settings\Temp\~991832.tmp


    Still too big! This is insane! I'm so sorry! Part 4 should be the end.

  10. #10
    Member
    Join Date
    Mar 2006
    Posts
    32

    Default NewDotNet & WinFixer Part 4

    Panda scan - the end.
    Virus:W32/Sdbot.GIL.worm Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JBL4EOG\3zvo80[1].jpg
    Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JBL4EOG\77p6ov[1].jpg
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JBL4EOG\Installer[1].exe
    Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JBL4EOG\NNSCAA638[1].EXE
    Virus:W32/Sdbot.FXH.worm Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JBL4EOG\Picture_9[1].exe
    Virus:Trj/VB.KN Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0JB34EX\dnvzd6[1].jpg
    Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\H0JB34EX\ZICORN001[1].exe
    Virus:Bck/Agent.BDP Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PQRST34W\10ngy7r[1].jpg
    Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PQRST34W\sjq3lg[1].jpg
    Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XP8ISTUV\77p6ov[1].jpg
    Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XP8ISTUV\winsysupd3[1].exe
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\do_work\awfvsmdj.exe
    Adware:Adware/Look2Me Not disinfected C:\Installer.exe
    Spyware:Spyware/New.net Not disinfected C:\NNSCAA638.EXE
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
    Virus:Bck/Agent.BDP Not disinfected C:\TmpSs32.exe
    Adware:Adware/CommAd Not disinfected C:\WINDOWS\adtech2006.exe
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
    Virus:W32/Sdbot.FXH.worm Not disinfected C:\WINDOWS\msvcrs.exe
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
    Adware:Adware/CommAd Not disinfected C:\WINDOWS\SnVsaWU\mBpPuqo.vbs
    Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\ad.html
    Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\AdService.dll
    Adware:Adware/VirtualBouncer Not disinfected C:\WINDOWS\system32\BO2802040113.dll
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\f3PSSavr.scr
    Adware:Adware/NetPals Not disinfected C:\WINDOWS\system32\Ia1cm.dll
    Virus:W32/Sdbot.GIL.worm Not disinfected C:\WINDOWS\temp\eraseme_85423.exe
    Adware:Adware/Sqwire Not disinfected C:\WINDOWS\temp\tsinstall_4_0_4_0_b4.exe
    Adware:Adware/Zenosearch Not disinfected C:\ZICORN001.exe
