surf sidekick

markus212

New member
Recently I have had an enormous amount of pop-ups; this was shortly after I foolishly went onto a keygen site.
I ran a spyware scan, and Surf Sidekick keeps coming up. No matter how much I try to delete it, it won't go away. Here is a hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 21:59:09, on 31/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\mousepad7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINDOWS\STEM32~1\spool32.exe
C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark The Killer\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O1 - Hosts: 69.50.166.14 yahoo.com
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lssas Monitoring Startup] lssas.exe
O4 - HKCU\..\Run: [Windows Registers] winservicess.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [Windows Compliant] qgnnmv.exe
O4 - HKCU\..\Run: [start uploading] crsss.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Pldo] "C:\WINDOWS\STEM32~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Fekbmzt] C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147/100039/uk/gegames/geaccess.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139692815468
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605688.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2728CAE1-1766-406B-A7ED-BC49E804556B}: NameServer = 194.72.0.98 194.72.9.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{2728CAE1-1766-406B-A7ED-BC49E804556B}: NameServer = 194.72.0.98 194.72.9.38
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\n22ulcf91f2.dll (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\fp8603lse.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyayBUaGUgS2lsbGVy\command.exe (file missing)
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I can't get rid of any of the surf side kick files here, can anybody help?
 
Hello and welcome, let's get started. :)

==

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download Ewido Anti-Malware
  • Install Ewido Anti-malware
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

==

2. Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

4. Once in Safe Mode, Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido anti-malware.

==

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the Scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log. :bigthumb:
 
I tried the ewido anti malware and it came up with 139 infections, it didn't let me save a log though, and I did the bfu scan too. I executed a bfu\alcanshorty.bfu.txt file, does that make any difference?

here is the hijackthis log anyway:

Logfile of HijackThis v1.99.1
Scan saved at 15:21:56, on 01/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINDOWS\STEM32~1\spool32.exe
C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\Documents and Settings\Mark The Killer\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O1 - Hosts: 69.50.166.14 yahoo.com
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lssas Monitoring Startup] lssas.exe
O4 - HKCU\..\Run: [Windows Registers] winservicess.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [Windows Compliant] qgnnmv.exe
O4 - HKCU\..\Run: [start uploading] crsss.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Pldo] "C:\WINDOWS\STEM32~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Fekbmzt] C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147/100039/uk/gegames/geaccess.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139692815468
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605688.exe
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\n22ulcf91f2.dll (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\fp8603lse.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Let's go after SurfSideKick next. You sure have a lot of infections there, please stick to the instructions and we'll get them :bigthumb:

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix.
Save it in the same folder you made earlier (c:\BFU).

Please close ALL other open windows & explorer folders, then double-click on sidekickFix.bat.
Click YES and follow the prompts, when prompted to restart the PC please do so.
Then please post back with a fresh HijackThis log by using AddReply. :)
 
I ran the file you told me to. Here is my latest HijackThis log; I'm still being plagued by hordes of pop-ups.

Logfile of HijackThis v1.99.1
Scan saved at 19:41:25, on 01/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\mousepad7.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINDOWS\STEM32~1\spool32.exe
C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\WINDOWS\system32\csrrs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mark The Killer\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
O1 - Hosts: 69.50.166.14 yahoo.com
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lssas Monitoring Startup] lssas.exe
O4 - HKCU\..\Run: [Windows Registers] winservicess.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [Windows Compliant] qgnnmv.exe
O4 - HKCU\..\Run: [start uploading] crsss.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Pldo] "C:\WINDOWS\STEM32~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Fekbmzt] C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147/100039/uk/gegames/geaccess.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139692815468
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605688.exe
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\n22ulcf91f2.dll (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\fp8603lse.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyayBUaGUgS2lsbGVy\command.exe (file missing)
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
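
Comparing two successive HijackThis logs entry by entry shows which items a cleanup step removed and which appeared in the meantime. The Python script below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, and the two sample logs are short excerpts constructed from the 15:21:56 and 19:41:25 scans above.

```python
import re

# Entry lines start with a section code such as R1, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns: "HKCU\..\Run: [value name] command line"
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

# Constructed excerpt of the 15:21:56 scan (before sidekickFix.bat).
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\STEM32~1\spool32.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs303169566.dll
"""

# Constructed excerpt of the 19:41:25 scan (after sidekickFix.bat).
AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\STEM32~1\spool32.exe
C:\WINDOWS\system32\csrrs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: svchost.exe
"""


def parse_log(text):
    """Return (processes, entries) from a HijackThis log.

    Both are dicts keyed by the casefolded line, so Windows paths that
    differ only in case (System32 vs system32) compare as equal.
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # blank line ends the process list
            in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries[line.casefold()] = (m.group(1), m.group(2))
        elif in_processes:
            processes[line.casefold()] = line
    return processes, entries


def diff_logs(before, after):
    """Report what changed between two scans, in log order."""
    bp, be = parse_log(before)
    ap, ae = parse_log(after)
    return {
        "processes_started": [ap[k] for k in ap if k not in bp],
        "processes_gone": [bp[k] for k in bp if k not in ap],
        "entries_added": [ae[k] for k in ae if k not in be],
        "entries_removed": [be[k] for k in be if k not in ae],
    }


def autoruns(entries):
    """Split O4 registry autorun entries into hive, key, name and command."""
    out = []
    for code, body in entries:
        m = O4_RE.match(body) if code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            out.append({"hive": hive, "key": key, "name": name, "command": command})
    return out


if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for label, items in changes.items():
        print(label)
        for item in items:
            print("   ", item if isinstance(item, str) else " - ".join(item))
    print("new registry autoruns:", autoruns(changes["entries_added"]))
```

On these excerpts the SurfSideKick entries show up under entries_removed, while the search-page change, the new BHO and the csr autorun show up under entries_added.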
 
Ok... Let's continue. :)

1) Please download delcmdservice (by Marckie), and save it to your Desktop.
  • Unzip the content to your Desktop (a folder named delcmdservice)
  • Double-click on the delcmdservice folder
  • Double-click on delreg.bat to launch the tool
  • When the tool has finished, please reboot your computer.

==

2) Create a folder on your desktop called Sysclean.

Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.

Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.

This file will be called lptXXX.zip (XXX represents the version number)

Unzip lptXXX.zip and you'll get a file lpt$vpn.XXX.

Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and double-click sysclean.com.
Check: "Automatically clean or delete detected files."
Click "Scan".
When the scan is finished, select: "View log".

Copy and paste this log in your next reply. :)
 
Hi.. before going to the above instructions, please try the following:

Please download NTrights.zip by freeatlast.
If you can't access it, download NTrights.zip via here: http://www10.brinkster.com/expl0iter/freeatlast/dumprights.htm
Save it on your desktop.
Unzip/extract it.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Open the NTrights-folder
Double click on the Debug.bat file to run it, follow any prompts it asks.

REBOOT

Double-click the Debug.bat again after reboot.

It will create a log.
If the log says:
"Granting SeDebugPrivilege to Administrators ... successful", you must be ok and things restored well
 
It should have created txt.log for you to look at. Please see if there's one.

Also, did you try the ntrights step? Please post a fresh HijackThis log.. :bigthumb:
 
The Debug.bat showed me "Granting SeDebugPrivilege to Administrators ... successful" the first time round, before I rebooted the computer.
Here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:31:40, on 02/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\mousepad7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\Program Files\Winamp\Winamp.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark The Killer\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.50.166.14 yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registers] winservicess.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [Windows Compliant] qgnnmv.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Pldo] "C:\WINDOWS\STEM32~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Fekbmzt] C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147/100039/uk/gegames/geaccess.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139692815468
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605688.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2728CAE1-1766-406B-A7ED-BC49E804556B}: NameServer = 194.72.0.98 194.72.9.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{2728CAE1-1766-406B-A7ED-BC49E804556B}: NameServer = 194.72.0.98 194.72.9.38
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\n22ulcf91f2.dll (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\fp8603lse.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Hmm. You still have a lot of stuff there. I guess we could go after them manually. :)

Please print these instructions out, or write them down, as you can't read them during the fix.

Please run a scan with HijackThis and check the following objects for removal:

O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKCU\..\Run: [Windows Registers] winservicess.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [Windows Compliant] qgnnmv.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Pldo] "C:\WINDOWS\STEM32~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Fekbmzt] C:\Documents and Settings\Mark The Killer\Application Data\M?crosoft\javaw.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605688.exe
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\n22ulcf91f2.dll (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\fp8603lse.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


Close ALL other open windows except for HijackThis and hit FIX CHECKED. Close HijackThis.

==

Click Start -> Run and type in: sc delete "Network Monitor"

Hit ok and reboot.

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the system files and folders are visible: uncheck the Hide protected operating system files option.

Next, please navigate to and delete the following files/folders if present:

C:\PROGRAM FILES\TOOLBAR\
C:\Program Files\Toolbar888\
C:\windows\newname7.exe
C:\windows\mousepad7.exe
C:\windows\keyboard7.exe
C:\WINDOWS\system32\wuclient.exe
C:\PROGRAM FILES\MYWEBSEARCH\ <= Anything related to MyWebSearch
C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe
C:\Program Files\Network Monitor\


With Windows Search function locate and delete the following files if present:

winservicess.exe
mssupdate.exe
qgnnmv.exe
crsss.exe


PLEASE empty recycle bin.

==

Then post back with a fresh HijackThis log and let me know how it went. :bigthumb:
 
Here is the latest HijackThis log. One of the MyWebSearch files wouldn't delete even in safe mode; I got rid of the rest though.

Logfile of HijackThis v1.99.1
Scan saved at 17:42:20, on 03/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\Documents and Settings\Mark The Killer\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
O1 - Hosts: 69.50.166.14 yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147/100039/uk/gegames/geaccess.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139692815468
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
 
Looking better all the time :bigthumb:

Please run a scan with HijackThis and check the following object for removal:

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe

Close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

Post back with a fresh HijackThis log yet again, and let me know how the system is running. ;)
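
A way to check a follow-up log against the fix list, as in the exchange above (an added example, not part of the original posts; the function names are made up here, and the two embedded texts are excerpts of the fix list and the 03/04/2006 log from this thread). Entries are matched on CLSID or Run value name rather than on the whole line, because the forum shortened one O16 URL with "...".

```python
import re

# "O4 - ...", "R1 - ...", "O16 - ..." : HijackThis entry lines start with a section code.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 autorun body: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\]")


def entry_key(line):
    """Return a stable identity for one HijackThis entry line, or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, "Running processes" path, or forum prose
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    if code in ("O2", "O3", "O16") and clsid:
        # BHOs, toolbars and ActiveX (DPF) entries are identified by CLSID,
        # so a URL or path shortened by the forum still matches.
        return (code, clsid.group(0).upper())
    if code == "O4":
        run = RUN_RE.match(body)
        if run:
            return (code, run.group("hive").lower(),
                    run.group("name").strip().lower())
    # Everything else: section code plus case-folded, space-collapsed body.
    return (code, " ".join(body.lower().split()))


def parse_log(text):
    """Map entry key -> original line for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def persisted(fix_list, later_log):
    """Lines of later_log whose entry was on fix_list (i.e. the fix did not stick)."""
    later = parse_log(later_log)
    return [later[k] for k in parse_log(fix_list) if k in later]


# Excerpt of the entries checked for removal in this thread.
FIX_LIST = r"""
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKCU\..\Run: [Windows Registers] winservicess.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605688.exe
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\n22ulcf91f2.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Excerpt of the log saved on 03/04/2006, after the fix was applied.
LOG_2006_04_03 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147/100039/uk/gegames/geaccess.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

if __name__ == "__main__":
    for line in persisted(FIX_LIST, LOG_2006_04_03):
        print("still present:", line)
```
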
 
Here is the latest HijackThis log. My system is improving ;) Not as many pop-ups as before.

Logfile of HijackThis v1.99.1
Scan saved at 18:13:05, on 04/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mark The Killer\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.50.166.14 yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147/100039/uk/gegames/geaccess.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139692815468
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2728CAE1-1766-406B-A7ED-BC49E804556B}: NameServer = 194.72.0.98 194.72.9.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{2728CAE1-1766-406B-A7ED-BC49E804556B}: NameServer = 194.72.0.98 194.72.9.38
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
 
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
 
OK, here is the logfile. It's too big to fit in, so I'll have to post it in shifts:


Incident Status Location

Adware:adware/deskwizz Not disinfected C:\WINDOWS\SYSTEM32\ad.html
Adware:adware/commad Not disinfected C:\WINDOWS\SYSTEM32\atmtd.dll
Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINDOWS\SYSTEM32\f3PSSavr.scr
Adware:adware/startpage.aao Not disinfected C:\WINDOWS\SYSTEM32\favico.dat
Dialer:dialer.xc Not disinfected C:\WINDOWS\SYSTEM32\paydial.exe
Dialer:dialer.bb Not disinfected C:\WINDOWS\SYSTEM32\tibs.exe
Adware:adware/ncase Not disinfected C:\TEMP\salmau.dat
Dialer:dialer.fie Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\gba1735.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX6_0001_N69M1503NetInstaller.exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
Adware:adware/azesearch Not disinfected C:\WINDOWS\azesearch.bmp
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\tool.exe
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\ubber60.ini
Potentially unwanted tool:application/funweb Not disinfected C:\PROGRAM FILES\FunWebProducts
Adware:adware/neededware Not disinfected C:\PROGRAM FILES\NDW
Potentially unwanted tool:application/spywarestormer Not disinfected C:\PROGRAM FILES\Spyware Stormer
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/windowenhancer Not disinfected C:\WINDOWS\SYSTEM32\SBUtils
Adware:adware/searchcat Not disinfected C:\Documents and Settings\Mark The Killer\Favorites\Free Hardcore Porn
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM
Adware:adware/searchexe Not disinfected Windows Registry
Dialer:dialer.xe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}
Adware:adware/elitebar Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@adrevolver[3].txt
Spyware:Cookie/ads.tripod.lycos.com Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@ads.tripod.lycos[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@advertising[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@anm.co[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@as-eu.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@azjmp[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@banners.searchingbooth[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@bravenet[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@burstnet[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@c2.gostats[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@c3.gostats[2].txt
 
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@com[1].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@counter.sexsuche[1].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@delfinproject[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@doubleclick[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fastclick[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fe.lea.lycos[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fe.lea.lycos[3].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fortunecity[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@gostats[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@hc2.humanclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@i.screensavers[2].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@kmpads[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@landing.domainsponsor[1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@linkexchange[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@mediaplex[1].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@mmm.media-motor[2].txt
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@mp3search[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@revenue[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@searchportal.information[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@sel.as-eu.falkag[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@stats1.reliablestats[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@targetnet[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@toplist[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@tucows[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@uol.com[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@valueclick[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@winfixer[1].txt
 
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@wizzle[1].txt
Spyware:Cookie/ademails Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@www.ademails[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@www.errorsafe[1].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@www.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@xmts[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@zedo[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@adrevolver[3].txt
Spyware:Cookie/ads.tripod.lycos.com Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@ads.tripod.lycos[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@advertising[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@anm.co[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@as-eu.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@azjmp[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@banners.searchingbooth[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@bravenet[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@burstnet[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@c2.gostats[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@c3.gostats[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@com[1].txt
Spyware:Cookie/Sexsuche Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@counter.sexsuche[1].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@delfinproject[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@doubleclick[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fastclick[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fe.lea.lycos[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fe.lea.lycos[3].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@fortunecity[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@gostats[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@hc2.humanclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@i.screensavers[2].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@kmpads[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@landing.domainsponsor[1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@linkexchange[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@mediaplex[1].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@mmm.media-motor[2].txt
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@mp3search[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@revenue[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@searchportal.information[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@sel.as-eu.falkag[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@stats1.reliablestats[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@targetnet[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@toplist[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@tucows[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@uol.com[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@valueclick[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@winfixer[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@wizzle[1].txt
Spyware:Cookie/ademails Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@www.ademails[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@www.errorsafe[1].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@www.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@xmts[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mark The Killer\Cookies\mark the killer@zedo[2].txt
 
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Mark The Killer\Desktop\,\General (2)\hijackthis\backups\backup-20050501-191117-924.inf
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\Mark The Killer\Desktop\hijackthis\backups\backup-20060403-164846-717.dll
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Mark The Killer\Desktop\hijackthis\backups\backup-20060403-164846-953.inf
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temp\Cookies\mark the killer@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temp\Cookies\mark the killer@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temp\Cookies\mark the killer@adopt.hbmediapro[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temp\Cookies\mark the killer@atwola[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temp\Cookies\mark the killer@cassava[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temp\Cookies\mark the killer@maxserving[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temp\Cookies\mark the killer@realmedia[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Mark The Killer\Local Settings\Temp\Cookies\mark the killer@winfixer[2].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Miyoko\Cookies\miyoko@delfinproject[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Miyoko\Cookies\miyoko@xmts[1].txt
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\InetGet\freeprodtb.exe
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EB66E293-D5A4-4DE9-ABE2-1FA5A4\AA765B4F-9AEA-4B69-8EA3-6CF20F
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
Dialer:Dialer.APH Not disinfected C:\WINDOWS\Downloaded Program Files\gba1735.exe
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[PSKILL.EXE]
Virus:Trj/Downloader.HXL Not disinfected C:\WINDOWS\sec.chm[page.htm]
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\sec.chm[UWAS5_0001_LP51NetInstaller.exe]
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\sec.chm[UWFX5_0001_LP1014NetInstaller.exe]
Adware:Adware/CWS Not disinfected C:\WINDOWS\sec.chm[xload.exe]
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\system\RESTORE.INS[PSKILL.EXE]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\ad.html
Spyware:Cookie/Gaytrafficbroker Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@gaytrafficbroker[1].txt
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EV6VO1CB\casino-ico[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EV6VO1CB\drugs[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EV6VO1CB\virus[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OPZRAT3M\dating[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OPZRAT3M\fav[2].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VLCADOKU\casino[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VLCADOKU\dating-ico[2].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VLCADOKU\dating[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WXYNO1EF\casino-ico[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WXYNO1EF\drugs-ico[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WXYNO1EF\fav-ico[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WXYNO1EF\virus[1].bmp
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\dr.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\f3PSSavr.scr
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\system32\in10thinInstDSTU43s.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\lybhav-1.0.0.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TWFyayBUaGUgS2lsbGVy\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TWFyayBUaGUgS2lsbGVy\nqIVuV1ou3o0mZ5Pv3pV.vbs
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TWFyayBUaGUgS2lsbGVy\__delete_on_reboot__command.exe
 