CmdService, Hijacked Browser...

Liberty

New member
I have no idea what all is going on. My computer is slower than it should be, every scan I run tells me I have CmdService that I cannot get rid of and my browser gets hijacked constantly by some type of adware - I am sure that is not the extent of it. I am going nuts, to the point of considering reformatting my hard drive and being done with it.

It may take me a day or so to respond at times, my dsl is out and the guy who built my computer did not think it was important to have a decent dial-up modem for back-up so I am working with a 28K if you can imagine. So downloading progs you may recommend will take time. Couple that with being a work at home mom and you can see just how possible it is that my response time may not be what I would like.

Here is my HJT log and thanks in advance for your help. I am really looking forward to it and am grateful already for this forum.

----------------

Logfile of HijackThis v1.99.1
Scan saved at 1:38:23 AM, on 1/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\chache32.exe
C:\WINDOWS\Q2hhZCBKb2huc29u\command.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\msappview32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shepherdess-ministries.org/smBB/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
O4 - HKLM\..\Run: [syscat] syscat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [updatesys] updateauto.exe
O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe
O4 - HKLM\..\Run: [Microsoft Application Viewer] msappview32.exe
O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\bm22.exe
O4 - HKLM\..\Run: [WindowsUpdatetes] justest.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\System32\lass.exe
O4 - HKLM\..\Run: [cd64] C:\WINDOWS\System32\cd64.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] lattt.exe
O4 - HKLM\..\RunServices: [Microsoft Application Viewer] msappview32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1223B679-3A38-4EB0-A170-A58F703ACCA5} (ImStarter Class) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {456181F4-E9D0-4365-92AB-1169AF02A7B4} (Ccompctrl Object) - https://www.insiderpages.com/download/wizard/atlcomp.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://workfrmhomemom.multiply.com/photos/uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E7D2E83-3BD7-4711-AD4E-EA30D971BB3D}: NameServer = 205.152.144.235 205.152.37.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E7D2E83-3BD7-4711-AD4E-EA30D971BB3D}: NameServer = 205.152.144.235 205.152.37.254
O20 - AppInit_DLLs: r!3.cpl
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\n6n60g5se6.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service Chache (chache32) - Unknown owner - C:\WINDOWS\System32\chache32.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hhZCBKb2huc29u\command.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
hi

welcome to the forums..

that log looks badly infected, looks like there are several backdoors and viruses. you may want to contact your bank and credit card company for possible unauthorised transactions!!

IMPORTANT- You need to disconnect this PC from the internet and from your network if it is on a network. Then, access this information from a non-compromised computer to follow the steps needed.

you need to take steps to protect your information that may have been compromised. I recommend these steps for action:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?





I am going nuts, to the point of considering reformatting my hard drive and being done with it.

this is something i don't like to recommend normally, but with a computer this badly infected it would be the best solution for your safety

if you still wish to continue cleaning this, it would be best to use another computer to download the necessary tools, it will take time on a 28k
has your ISP been contacted?


Please follow the instructions provided, you may want to print out these instructions and use them as a reference. Or copy the text here to an empty notepad window, then save as txt to a convenient place

Please download ewido anti malware it is a free version of the program.
  1. Install ewido security suite
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

then launch ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

reboot back to normal mode,

next: do an online virus scan:
go to http://www.bitdefender.com/scan/licence.php

do a full scan of system, allow it to clean infections
once the scan is complete it will show a report page, copy the text of the page into a notepad window, then save it as text to a place where you will easily find it later

then reboot the computer to complete the removal

do another scan with hijackthis, post its log , the ewido report and the results of the bitdefender scan thank you

NOTE: the scan logs can be rather large, you may need several posts to include them all. alternately you may send them to my email as attachments:
address is illukka#usermaildotcom (where #=@ and dot = . )
Please include in your mail a link to here so i know where its from

thank you and good luck for the cleaning :bigthumb:
 
Thank you very much. I am going to take some time this morning and decide what I should do - clean it or reformat it.

Thanks again. LOL not quite the news I wanted to hear, but not much of a surprise either.

Let me ask you a question. I was on dsl forever and had not the first issue. Scans showed a few minor issues here and there, but never like it is now. Then my dsl went down and I have been working with dial-up and bam my computer started having problems. This has only been about two weeks. Is it possible my computer has become so badly infected in that short amount of time? Or is it some of these problems have existed for longer and the effects are simply catching up with me?

Thanks again. Will let you know how I decide to handle this shortly.
 
hi

do you know why your dsl went down? was it a hardware issue, or did your ISP close your line because the machine was doing port scans and sending spam because of the infections?
 
It was a wiring problem outside of the house. It has been down and disconnected since December 27th and I have been working with dial-up since maybe the second week of January.
 
the major problem is this:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

an unpatched system: no windows service packs

i think the dsl modem likely had a built-in hardware firewall or router in it

an unpatched system will last only minutes on the internet without a firewall

whether you decide to clean it or format it the first thing you must do is to get a software or hardware firewall
 
Okay - guess I am not as net savvy as I thought - probably more of an understatement than I realize :)

I think for the time being I am going to attempt to clean this until I can get to a point that I can effectually do a reformat.

I am about to reboot and run ewido in Safe Mode like you suggested.

In the meantime - what firewalls do you recommend - possibly freeware and also hardware.

Thanks so much

Liberty
 
Oh I also forgot to ask/mention -

I had a computer that was set up for the automatic updates. When it would do an update my computer would act stupid so I stopped getting the automatic updates and just got in the habit of not worrying about it.

When I got this computer I never thought to worry about the updates.

At what point during this cleanup process should I get the patches?

Okay off to reboot.

Liberty
 
first thing is a firewall, it will stop those network worms, then when we're almost through the cleaning process we can go for the updates ( on a 28 downloading them will last ages :confused: , there will be hundreds of megabytes of updates )


For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
 
2nd HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 3:55:27 PM, on 1/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\syscat.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\updateauto.exe
C:\WINDOWS\System32\justest.exe
C:\WINDOWS\System32\picviewer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [syscat] syscat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [updatesys] updateauto.exe
O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\bm22.exe
O4 - HKLM\..\Run: [WindowsUpdatetes] justest.exe
O4 - HKLM\..\Run: [securitysys] picviewer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1223B679-3A38-4EB0-A170-A58F703ACCA5} (ImStarter Class) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {456181F4-E9D0-4365-92AB-1169AF02A7B4} (Ccompctrl Object) - https://www.insiderpages.com/download/wizard/atlcomp.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://workfrmhomemom.multiply.com/photos/uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O20 - AppInit_DLLs: r!3.cpl
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\i0240afqed2e0.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service Chache (chache32) - Unknown owner - C:\WINDOWS\System32\chache32.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hhZCBKb2huc29u\command.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
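
Added example, not part of the original posts: a small Python parser that compares two HijackThis logs to show which autostart entries a cleaning pass removed, which are new, and which registrations now point at a deleted file. The function names are hypothetical, the sample input is trimmed from the two logs in this thread, and the service pack check assumes HijackThis prints a marker such as "SP2" in the Platform line when one is installed.

```python
import re

# Trimmed excerpts of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\chache32.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [syscat] syscat.exe
O4 - HKLM\..\Run: [cc32] C:\WINDOWS\System32\cc32.exe
O20 - AppInit_DLLs: r!3.cpl
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\n6n60g5se6.dll
O23 - Service: Service Chache (chache32) - Unknown owner - C:\WINDOWS\System32\chache32.exe
"""

LOG_AFTER = r"""Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\picviewer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [syscat] syscat.exe
O4 - HKLM\..\Run: [securitysys] picviewer.exe
O20 - AppInit_DLLs: r!3.cpl
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\i0240afqed2e0.dll
O23 - Service: Service Chache (chache32) - Unknown owner - C:\WINDOWS\System32\chache32.exe (file missing)
"""

# An entry line is a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"


def parse_hjt(text):
    """Split a HijackThis log into header fields, processes and entries.

    Entries are keyed by (code, body) with the "(file missing)" suffix
    stripped, so the same registration matches across scans; the value
    records whether the target file was reported missing.
    """
    log = {"platform": None, "msie": None, "processes": [], "entries": {}}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            code, body = match.groups()
            missing = body.endswith(MISSING)
            if missing:
                body = body[: -len(MISSING)]
            log["entries"][(code, body)] = missing
        elif line.startswith("Platform:"):
            log["platform"] = line.split(":", 1)[1].strip()
        elif line.startswith("MSIE:"):
            log["msie"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            log["processes"].append(line)
        elif not line:
            in_processes = False
    return log


def diff_logs(before, after):
    """Compare two parsed logs entry by entry."""
    b, a = before["entries"], after["entries"]
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        # Registration survived the cleanup but its file is gone.
        "now_missing": sorted(k for k in a if a[k] and k in b and not b[k]),
    }


def has_service_pack(log):
    """Assumption: an installed service pack appears as 'SP<n>' in Platform."""
    return bool(re.search(r"\bSP\d", log["platform"] or ""))


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    print("service pack present:", has_service_pack(after))
    for label, items in diff_logs(before, after).items():
        print(label)
        for code, body in items:
            print("  %s - %s" % (code, body))
```

Entries listed under "added" after a cleaning pass, and unchanged entries such as the AppInit_DLLs value, are the ones still worth a helper's attention.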
 
Ewido Log - Part I

I have the BitDefender one too - I will be back with that one shortly.

I am almost embarrassed to post the ewido report. Good Grief.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:44:22 PM, 1/28/2006
+ Report-Checksum: DDD8AF9B

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
[604] C:\WINDOWS\system32\pqrfts.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\drsmartload1.exe -> Downloader.Adload.j : Cleaned with backup
C:\!KillBox\drsmartload46a.exe -> Downloader.Adload.j : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\gf4458xx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\gf4458xx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\gf4458xx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\gf4458xx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\gf4458xx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\gf4458xx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\gf4458xx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\gf4458xx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chad\Cookies\chad@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Chad\ddddreve.exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\Chad\Local Settings\Temp\temp.fr1363 -> Spyware.CommAd : Cleaned with backup
C:\Documents and Settings\Chad\Local Settings\Temp\temp.frC74D -> Adware.CommAd : Cleaned with backup
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\CT6B092J\drsmartload46a[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\CT6B092J\MTE3MTk6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\CT6B092J\winsysupd3[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\OTYF45UF\winsysban3[1].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\YXP9LRQ3\drevil[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\Chad\sadf.exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G9UF896F\cashme[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\drsmartload46a.exe -> Downloader.Adload.j : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
:mozilla.32:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610499.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610606.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610608.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610609.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610612.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610613.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610614.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610615.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610620.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610621.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610622.MOZ ->
 
Ewido Log - Part II

Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610622.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610623.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610624.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610625.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610626.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610629.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610630.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610631.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610636.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610637.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610638.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.133:C:\RECYCLER\NPROTECT\01610677.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.37:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.135:C:\RECYCLER\NPROTECT\01610680.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.56:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.70:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.136:C:\RECYCLER\NPROTECT\01612154.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.38:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.135:C:\RECYCLER\NPROTECT\01612242.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\WINDOWS\cashmeex.exe -> Downloader.Adload.j : Cleaned with backup
C:\WINDOWS\cpbrkpie.ocx -> Spyware.Coupons : Cleaned with backup
C:\WINDOWS\system32\aziiiexx.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cachemonie.exe/rasermset.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\cachemonie.exe/drset.exe -> Downloader.Adload.j : Cleaned with backup
C:\WINDOWS\system32\cashme.exe -> Downloader.Adload.j : Cleaned with backup
C:\WINDOWS\system32\cc32.exe -> Proxy.Agent.ic : Cleaned with backup
C:\WINDOWS\system32\cd64.exe -> Proxy.Agent.ic : Cleaned with backup
C:\WINDOWS\system32\chache32.exe -> Backdoor.Agent.po : Cleaned with backup
C:\WINDOWS\system32\dFdramp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\drset.exe -> Downloader.Adload.j : Cleaned with backup
C:\WINDOWS\system32\kgdbu.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ktdtat.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lass.exe -> Proxy.Ranky.dy : Cleaned with backup
C:\WINDOWS\system32\lattt.exe -> Backdoor.Rbot.aeu : Cleaned with backup
C:\WINDOWS\system32\mhutb.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mpdxmlc.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\msappview32.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\mssvcc.exe -> Backdoor.Rbot.aeu : Cleaned with backup
C:\WINDOWS\system32\mvnql9551.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\oltext32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\p2n80c5uef.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pqrfts.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\qgery.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rasermset.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\rmcdll.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\spread.exe -> Backdoor.Rbot.aeu : Cleaned with backup
C:\WINDOWS\system32\steam.dll -> Backdoor.Akbot.a : Cleaned with backup
C:\WINDOWS\system32\tmflog.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\winsystems.exe -> Backdoor.Rbot.aeu : Cleaned with backup
C:\WINDOWS\winsysban2.exe -> Hijacker.VB.kc : Cleaned with backup
C:\WINDOWS\winsysban3.exe -> Hijacker.VB.kc : Cleaned with backup
C:\WINDOWS\winsysupd2.exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\WINDOWS\winsysupd3.exe -> Hijacker.StartPage.ahg : Cleaned with backup


::Report End
 
After I ran Ewido in Safe Mode and rebooted to do the online scan at BitDefender I had no issue with the hijacking of the browser. But somewhere in the midst of running the online virus scan the hijacking started again. I don't know if that is important or not. Just thought I would let you know.

Okay I have to format the BD log and I will post it shortly. It saved in html and goes on forever if I just copy and paste it.

Thanks

Liberty
 
Liberty said:
I am almost embarrassed to post the ewido report. Good Grief.

don't be, it's not the longest I've seen

check that firewall link, if you connect an unpatched windows machine to the internet you get a new worm in just minutes
a firewall is your best friend
 
hi

thanks for the logs

print this, or save the text into a convenient place to be viewed in safe mode when this page is not available

download killbox from here: http://www.downloads.subratam.org/KillBox.zip

unzip it to a folder on your desktop

reboot into safe mode

run hijackthis, click scan, put checkmarks next to these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O4 - HKLM\..\Run: [syscat] syscat.exe
O4 - HKLM\..\Run: [updatesys] updateauto.exe
O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\bm22.exe
O4 - HKLM\..\Run: [WindowsUpdatetes] justest.exe
O4 - HKLM\..\Run: [securitysys] picviewer.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O20 - AppInit_DLLs: r!3.cpl
O23 - Service: Service Chache (chache32) - Unknown owner - C:\WINDOWS\System32\chache32.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hhZCBKb2huc29u\command.exe (file missing)
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe (file missing)


close all browser and explorer windows
and click fix checked

doubleclick on killbox.exe to run it

tick delete on reboot, click process all files

highlight the following list, then press ctrl+c to copy it to the clipboard

C:\WINDOWS\system32\updateauto.exe
C:\WINDOWS\system32\syscat.exe
C:\WINDOWS\system32\mswwmf.exe
C:\WINDOWS\system32\i
C:\WINDOWS\System32\updateauto.exe
C:\WINDOWS\System32\justest.exe
C:\WINDOWS\System32\picviewer.exe
C:\WINDOWS\mswmf32.exe
C:\WINDOWS\Q2hhZCBKb2huc29u\command.exe
C:\WINDOWS\System32\chache32.exe

then click the button that looks like a stop sign
allow the reboot, if it doesn't happen automatically do it yourself

when back to normal mode post a new hjt log

report all error messages, thank you
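
The kind of entries picked out in the fix list above can be pre-sorted with a small script; this is an added example, not part of the original post or of HijackThis. The three rules (autorun without a path or in a drive root, any AppInit_DLLs value, a service with "Unknown owner" plus "(file missing)") are assumptions chosen for illustration, and a hit means "review by hand", not "malicious".

```python
import re

# Constructed sample: five lines from the fix list in the post above plus two
# entries (SunJavaUpdateSched, Adobe LM Service) that were not on that list.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [syscat] syscat.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\bm22.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O20 - AppInit_DLLs: r!3.cpl
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hhZCBKb2huc29u\command.exe (file missing)
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - ..." -> code, body
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.*)$")    # registry autorun entries


def triage(log_text):
    """Return (code, reason, raw_line) for entries that deserve manual review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        if code == "O4" and (run := RUN.match(body)):
            cmd = run.group(2).strip('"')
            if "\\" not in cmd:
                # Bare names resolve through the search path; legitimate
                # drivers do this too, so this is a prompt to look, no more.
                findings.append((code, "autorun given without a path", line))
            elif re.fullmatch(r"[A-Za-z]:\\[^\\]+", cmd):
                findings.append((code, "autorun binary in drive root", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append((code, "AppInit_DLLs value is set", line))
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            # "Unknown owner" alone is common for legitimate services,
            # so it only counts together with a missing image file.
            if (len(parts) == 3 and parts[1] == "Unknown owner"
                    and parts[2].endswith("(file missing)")):
                findings.append((code, "service image missing, no vendor", line))
    return findings


if __name__ == "__main__":
    for code, reason, raw in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:34} {raw}")
```
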
 
New HJT - 3rd log

Logfile of HijackThis v1.99.1
Scan saved at 7:39:23 PM, on 1/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\mdxlnmq32.exe
C:\WINDOWS\System32\msappview32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Network Host Service] mdxlnmq32.exe
O4 - HKLM\..\Run: [Microsoft Application Viewer] msappview32.exe
O4 - HKLM\..\RunServices: [Network Host Service] mdxlnmq32.exe
O4 - HKLM\..\RunServices: [Microsoft Application Viewer] msappview32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1223B679-3A38-4EB0-A170-A58F703ACCA5} (ImStarter Class) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {456181F4-E9D0-4365-92AB-1169AF02A7B4} (Ccompctrl Object) - https://www.insiderpages.com/download/wizard/atlcomp.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138486157543
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138486091434
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://workfrmhomemom.multiply.com/photos/uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\m6lslg3716.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service Chache (chache32) - Unknown owner - C:\WINDOWS\System32\chache32.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hhZCBKb2huc29u\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
hi

there still are a lot of infected items.. looks like some viruses have still got through

i don't see an antivirus software, take a look at this free anti virus:
http://www.avast.com/eng/download-avast-home.html
download, install and
update it, then scan, let it remove what it finds

reboot

post a new hjt log

now that you have an antivirus and a firewall we have some hope of cleaning the machine
without these you will just pick up new infections faster than we can clean them
 
Am getting on that ty. I did have both a firewall and an anti-virus through Bellsouth, but when my dsl went down the Bellsouth Internet Security did not work with my dial-up and prevented me from using it. Sigh.

Hindsight is always 20/20.
 