Well I got a $1500 computer for $500! whoohooo bad part: this thing is sooooooooooo full of crap.... can someone help me out? Thanks :)

Logfile of HijackThis v1.99.1
Scan saved at 3:14:30 AM, on 2/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Jfrsa\Fcxpdl.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nxsnscfqjhenvlbmptlwtoc.com/P/MhWn28zJkShEUk0Id6/0uDYpT0NweakMtBnzIrxfnAaxws3f8lkJTUFBdEfQQ5.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwpvaapfmba.com/P/MhWn28zJlxSa49Jn04ZuJF1UN0/SiXqDLU1wSwM3A.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {471615D7-ACF0-81E1-696B-10D53C668510} - C:\DOCUME~1\Owner\APPLIC~1\MAILDE~1\DVDCORN.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Owner\Desktop\MsgPlus.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ENic6] C:\WINDOWS\fomdqkxn.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\AMBER~1.FAM\LOCALS~1\Temp\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Juqjxg] C:\Program Files\Jfrsa\Fcxpdl.exe
O4 - HKLM\..\Run: [BashBookErrorTime] C:\Documents and Settings\All Users\Application Data\Bits amen bash book\coolaim.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Owner\Desktop\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122827179765
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.73.downloads.estara.com./as/OneCCDM.php?template=28037&sessionid=1642259849_66.155.171.73_40942&=&req=1123189065093OneCC.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ckcfg32.dll (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wvnsta.dll (file missing)
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\icrtprio.dll (file missing)
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\dZdramp.dll (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\pmrfnet.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\CT930A.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\oxbcji32.dll (file missing)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\SRDOCVW.DLL (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\waaservc.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fmusd.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\drrpsetu.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

Recommended Answers

All 23 Replies

Hi, This shows that your windows is out of date. After the cleaning process you should use windows update to get SP2.

Go into safemode. Scan again with HJT, and place a tick nest to these items, then click Fix checked items.


C:\Program Files\ISTsvc\istsvc.exe Check with an antivirus scanner

:\Program Files\SurfAccuracy\SAcc.exe Check with an antivirus scanner

C:\Program Files\Internet Optimizer\optimize.exe Check with an antivirus scanner - Not sure about this one

C:\Program Files\Internet Optimizer\actalert.exe - Then delete the file.

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" - May be legit

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe - Delte file, not sure about this entry

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

========================

Then Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

ok are you ready? lol wow is all i can say also i am going to delete all the crap in my temp folders so hopefully that will help some... good luck with this!!!

This is the full report:
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:57:45 PM, 2/25/2006
+ Report-Checksum: 746169EA

+ Scan result:

HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historygs -> Adware.ISTBar : Error during cleaning
C:\1.exe -> Dropper.Small.wn : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\KLQNGDER\arrtv[1].cab/ATPartners.dll -> Adware.F1Organizer : Cleaned with backup
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\KLQNGDER\OTXMedia[1].dll -> Adware.OTX : Cleaned with backup
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\YLIRC9A5\ZangoInstaller[1].exe/ZangoLib.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\YLIRC9A5\ZangoInstaller[1].exe/ZangoLib.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@banner.casinolasvegas[2].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@bookspan.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@casinolasvegas[1].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@e-2dj6wfk4wiajsgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@efashionsolutions.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@images.lop[1].txt -> TrackingCookie.Lop : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@lop[2].txt -> TrackingCookie.Lop : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@www.lop[1].txt -> TrackingCookie.Lop : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Cookies\amber@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\180sainstallersilsais1.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\180sainstallersilsais1.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\aPQfhi.exe -> Downloader.IstBar.mx : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\auf0.exe -> Downloader.Apropo.ai : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\AutoUpdate0\auto_update_install.exe -> Downloader.Apropo.u : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\dealhelper.exe -> Downloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\Del218.tmp -> Downloader.Small.asf : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\iinstall.exe -> Downloader.IstBar.ll : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\nsh_114.exe -> Adware.DownloadWare : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\res219.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temp\sidefind.exe -> Downloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\49AF4PYJ\ActiveX[1].ocx -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[10].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[1].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[2].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[3].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[4].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[5].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[6].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[7].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[8].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ibar[9].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\4T6BCDQ7\ZangoInstaller[1].exe -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\81YZ496J\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\81YZ496J\nsh_114[1].exe -> Adware.DownloadWare : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\EJ0N0VW5\bridge-c46[1].cab/MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\EJ0N0VW5\website[1].ocx -> Downloader.Agent.ex : Cleaned with backup
C:\Documents and Settings\amber.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\TN3BPTC6\download3849[2].exe -> Backdoor.VBbot.i : Cleaned with backup
C:\Documents and Settings\josh\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\josh\Application Data\Starware\MasterOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\josh\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\josh\Application Data\Starware\ToolbarOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfk4kgd5mdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfk4sgazico.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkiapajslo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkicmajwgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkiupdjego.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkoghdzeco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkowmcjofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkyekdzogo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkywmajieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkywmdjeap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfkywodpgdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfliegazgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfligiczgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfliqoc5glp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfmiokd5ofq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfmishazkfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfmiuoajseq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wfmiwjdpoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wgkycod5ggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjk4egajigp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjk4qidpwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjk4qlcpwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkoaldpihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkocodjafp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkoemc5kdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkogjajicp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkokgczslq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkokodjsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkoqgczodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkosnczsho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkykhc5olo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjkyskazcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjl4eocjcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjl4ulcpecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjliaoajcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjliqmcpsap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjlyclc5oho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjlykgczwho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjmyclc5ico.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjmygkdjmkq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjmyqoazeap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjny-1iczoe.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjny-1lcpcg.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjny-1pdpkk.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjnycgc5wdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjnycpc5iao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjnyegazalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjnyglczgbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjnyqhdjkfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjnysicpogo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjnysod5ifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@e-2dj6wjnywpczigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@lop[1].txt -> TrackingCookie.Lop : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\josh\Cookies\josh@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\josh\Desktop\hijackthis\backups\backup-20050606-000844-633.dll -> Trojan.Agent.cs : Cleaned with backup
C:\Documents and Settings\josh\Local Settings\Temp\temp.fr4894\Programs\webhdll.dll_tobedeleted_tobedeleted -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\josh\Local Settings\Temp\temp.fr4894\Programs\whiehlpr.dll_tobedeleted_tobedeleted -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\mom\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\mom\Application Data\Starware\MasterOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\mom\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\mom\Application Data\Starware\ToolbarOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@ads12.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@ads18.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@ads32.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wfl4apcjcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wfliogdjclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wflochc5cap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wgkignd5oco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wjkokkd5ako.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wjkyohdzafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wjliehajsap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wjlownazoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wjlysgdjkho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wjnyqoczgep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wjnyuldpcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@e-2dj6wjnywoazeep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\mom\Cookies\mom@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temp\7xhkHc.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temp\I8qCDG.exe -> Downloader.IstBar.jl : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temp\LuuC8g.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temp\M7WVtV.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temp\New3559.tmp\upgrade.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temp\o52aRC.exe -> Downloader.IstBar.jl : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temp\WGSfaC.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temporary Internet Files\Content.IE5\5TGCREKZ\AproposClientInstaller[1].exe -> Downloader.Apropo.ai : Cleaned with backup
C:\Documents and Settings\mom\Local Settings\Temporary Internet Files\Content.IE5\N6V41NKA\newmajorse2[1].cab/newmajorse2.txt -> Adware.WebSearch : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@ehg-deliveryagent.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@ehg-lowermybills.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@images.lop[1].txt -> TrackingCookie.Lop : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@lop[1].txt -> TrackingCookie.Lop : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@prizeamerica.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@rccl.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Cookies\mom@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\mom.FAMILYROOM\Local Settings\Temporary Internet Files\Content.IE5\MEYPTT8Y\popcaploader_v6[1].cab/PopCapLoader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@66.220.17[3].txt -> TrackingCookie.66.220.17.154 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@banner.casinolasvegas[2].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casinolasvegas[1].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkysmdjocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkywjdjgep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkywocpgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliklc5ilo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfliqidpsfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflogkajmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiokd5ofq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmykmdpogo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkygod5akq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4egdpebq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlisjcpoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjliwnc5sfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlowldjkao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyeoazwgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiemczkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmyupajgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1ndjcb.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1scpil.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnycgc5wdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnycmcpido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnygkd5edo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyqhdzkbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnysnc5wap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnywhajmkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnywjc5aep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-futurenetworkusa.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@lop[1].txt -> TrackingCookie.Lop : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\eskin -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\eskin\empty_bg_st.htm -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\eskin\FileManager.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\IESkins -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\reports.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOI\static -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte10_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte11_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte12_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte13_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte14_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte19_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte20_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte21_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030104_emte9_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\030203lib_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102angel_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102bigluf_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102birthday_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102cheers_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102flo_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102good_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102jump_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102king_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102lough_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102luf_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102smiled_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102smile_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102sor_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102thanx_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\033102uhu_1_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\040103ahh_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\040103wow_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\040104_emi2_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\042102_1134_112_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\050103big_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\050103gig_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\050103hm_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\050103nomail_emoti_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\050103norm_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema15_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema16_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema17_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema18_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema19_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema20_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema21_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema24_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema25_prv.gif -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Welcome\Application Data\Hotbar\v3.0\HostOL\static\1\060104_ema26_prv.gif -> Adware.HotBar : Cleaned with backup
C:\

oops forgot to post my hijack! hey when my hijack starts up, it says this "for some reason your system denied write access to the Hosts file. if any hijacked domains are in this file, hijackthis may not be able to fix this. if that happens you need to edit the file yourself. to do this click start run and type: notepad c:\windows\system32\drivers\etc\hosts and press enter. find the lines hijack this reports and delete them. save the file as "hosts" with quotes, and reboot."

here ya go!

Logfile of HijackThis v1.99.1
Scan saved at 5:14:51 PM, on 2/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nxsnscfqjhenvlbmptlwtoc.com/P/MhWn28zJkShEUk0Id6/0uDYpT0NweakMtBnzIrxfnAaxws3f8lkJTUFBdEfQQ5.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwpvaapfmba.com/P/MhWn28zJlxSa49Jn04ZuJF1UN0/SiXqDLU1wSwM3A.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {471615D7-ACF0-81E1-696B-10D53C668510} - C:\DOCUME~1\Owner\APPLIC~1\MAILDE~1\DVDCORN.exe (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Owner\Desktop\MsgPlus.exe"
O4 - HKLM\..\Run: [ENic6] C:\WINDOWS\fomdqkxn.exe
O4 - HKLM\..\Run: [Juqjxg] C:\Program Files\Jfrsa\Fcxpdl.exe
O4 - HKLM\..\Run: [BashBookErrorTime] C:\Documents and Settings\All Users\Application Data\Bits amen bash book\coolaim.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Owner\Desktop\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122827179765
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.73.downloads.estara.com./as/OneCCDM.php?template=28037&sessionid=1642259849_66.155.171.73_40942&=&req=1123189065093OneCC.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ckcfg32.dll (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wvnsta.dll (file missing)
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\icrtprio.dll (file missing)
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\dZdramp.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\CT930A.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\oxbcji32.dll (file missing)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\SRDOCVW.DLL (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\waaservc.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fmusd.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\drrpsetu.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

Hi, i am not sure why you got the HJT error, but have it fix these, in safe mode. And have it make backups first.

O2 - BHO: (no name) - {471615D7-ACF0-81E1-696B-10D53C668510} - C:\DOCUME~1\Owner\APPLIC~1\MAILDE~1\DVDCORN.exe (file missing)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll

O4 - HKLM\..\Run: [ENic6] C:\WINDOWS\fomdqkxn.exe

O4 - HKLM\..\Run: [Juqjxg] C:\Program Files\Jfrsa\Fcxpdl.exe

O4 - HKLM\..\Run: [BashBookErrorTime] C:\Documents and Settings\All Users\Application Data\Bits amen bash book\coolaim.exe

O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.73.downloads.es...065093OneCC.cab

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\dZdramp.dll (file missing)

Post a new log.

Logfile of HijackThis v1.99.1
Scan saved at 6:22:03 PM, on 2/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nxsnscfqjhenvlbmptlwtoc.com/P/MhWn28zJkShEUk0Id6/0uDYpT0NweakMtBnzIrxfnAaxws3f8lkJTUFBdEfQQ5.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwpvaapfmba.com/P/MhWn28zJlxSa49Jn04ZuJF1UN0/SiXqDLU1wSwM3A.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Owner\Desktop\MsgPlus.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Owner\Desktop\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122827179765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ckcfg32.dll (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wvnsta.dll (file missing)
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\icrtprio.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\CT930A.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\oxbcji32.dll (file missing)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\SRDOCVW.DLL (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\waaservc.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fmusd.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\drrpsetu.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

Almost done. Make a backup then have it remove the following.

O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe

O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares...ysb_regular.cab

O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\icrtprio.dll (file missing)

O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\fmusd.dll (file missing)

O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\drrpsetu.dll (file missing)

O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\CT930A.dll (file missing)

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\oxbcji32.dll (file missing)

O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\SRDOCVW.DLL (file missing)

O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\waaservc.dll (file missing)

Then you are all clean :). Look here for programs to help you stay clean.

http://www.toughadmin.com/forum/viewtopic.php?t=23


And you should download SP2.

-T

Logfile of HijackThis v1.99.1
Scan saved at 7:58:05 PM, on 2/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.imvmuyxoeelgqlcxblajyv.com/P/MhWn28zJkShEUk0Id6/0uDYpT0NweakMtBnzIrxfny9DK7sqKbGZTUFBdEfQQ5.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Owner\Desktop\MsgPlus.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Owner\Desktop\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122827179765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ckcfg32.dll (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wvnsta.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

thanks :)

If you bought this machine off of someone else, I would recommend reformatting and starting completely fresh and clean.

Yea, you look like you are all clean now.

-T

well i have the system recovery disks... is that what you mean? Is there some way i can do it or do i have to have someone who actually knows what they are doin do it? lol

haha this better be clean...
Logfile of HijackThis v1.99.1
Scan saved at 10:18:31 PM, on 2/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Owner.YOUR-AT5QGAAC3Z\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

where do i get the sp2 btw?

Good news :). Clean this

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

And you will 100% clean. Then download SP2 here. http://www.microsoft.com/windowsxp/sp2/default.mspx - and make sure you get all updates (by running windows update).

you look like you are all clean now.

Careful there, T- it wasn't ;)

Nasties:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.imvmuyxoeelgqlcxblajyv.c...TUFBdEfQQ5.html
O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ckcfg32.dll (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wvnsta.dll (file missing)

Doh! I must have been blind :o. Thanks for follwoing up. Im still learning :cheesy: .

By the looks of the R1 line I would look for Lop

Hey- welcome D3m3nt3d! Glad to have your help around here :)

Hey- welcome D3m3nt3d! Glad to have your help around here :)

Thanks DMR

I'm happy to help! :)

Hi guys, interesting thread. In reading this through, it might not be a bad idea to suggest going to and getting the CCleaner program? It will look at the IE browser, applications and issues and let you clean/repair a lot of mess left behind. I would really suggest this for a secondary market computer like this. Also, at http://www.javacoolsoftware.comis the Spyware Blaster program. It will help as a first line defense against all kinds of nasties. Of course I am sure it has been suggested to use the Spybot and AdAware. Just a thought and I have suggested this to several users here who have been amazed at the effect. These are great and !FREE! programs.

All the best from the big rock down under!

Haha ya, I'd second that. I already use it in fixes here.

However, after installing, ya need to configure it to scan some custom files:

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After adding these in custom, be sure to check the box inside the 'clean' tab.

Ya, and lastly, just make this post a new thread next time.

Thanks.

hey just so every1 knows i had windows reinstalled in my computer and everythings all fresh and clean now :) thanks for all the advice!!!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.