0

Whenever I click on links within Google or other search engines, I get redirected to a number of other search engines. Can someone please tell me what to fix in HJT to end this insanity? Much appreciated.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\WINDOWS\system32\vnxserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\clockmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TW_BHO Class - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - C:\Program Files\Macro ToolsWorks\mtwbho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dmukh.exe] C:\WINDOWS\system32\dmukh.exe
O4 - Startup: MacroMaker.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: clockmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud9.sports.sc5.yahoo.com/java/y/nflgcst1016_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129646941411
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF8D8FC8-FD76-45ED-BD40-42ADE4002C9C}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE06D1AC-8F97-473E-A1AD-F7FFE553942A}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4596DBC-F769-4826-AF9B-0BF2F56D13AE}: NameServer = 85.255.115.91,85.255.112.6
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O23 - Service: Vsclient Service (VnxService) - Unknown owner - C:\WINDOWS\system32\vnxserv.exe

0

Sure thing. Check the following:

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [dmukh.exe] C:\WINDOWS\system32\dmukh.exe
O4 - Global Startup: clockmon.exe
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/gam...ts/y/dot4_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/gam...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/gam...nts/y/nt1_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud9.sports.sc5.yahoo.com/ja...lgcst1016_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/pote_x.cab

Also, check the O17 entries if ya don't recognize the IP there.

After doing this, restart the computer and install LSPFix. Run this and have it fix anything it finds.

After doing this, post back here with a new HJT log.

Thanks again.

0

Thank you for the response. I did a whole handful of things, including what you said, and it apparently worked. I don't know if it was one of the cleaning programs I dl'd or one of the boxes you told me to check, but I seem to be OK for the moment. Thank you again! Here is the new HJ log just FYI:

C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\WINDOWS\system32\vnxserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\clockmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
E:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
E:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TW_BHO Class - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - C:\Program Files\Macro ToolsWorks\mtwbho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dmwck.exe] C:\WINDOWS\system32\dmwck.exe
O4 - Startup: MacroMaker.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: clockmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129646941411
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O23 - Service: Vsclient Service (VnxService) - Unknown owner - C:\WINDOWS\system32\vnxserv.exe

0

Also, check the O17 entries if ya don't recognize the IP there.

Those IPs (which point to rogue/bogus DNS servers) are the work of the Wareout parasite. Wareout also drops hidden, malicious files on the system, which will need to be removed.


chazzman, please do the following:

You will need to close/quit all open programs now, and will be disconnected from the Internet for some of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download FixWareout from one of these sites and save it to your desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Download and install the free 14-day trial version of ewido anti-malware:
http://www.ewido.net/en/download/

* Open ewido. In the main screen, click "Update" and click "Start Update". Don't run a scan with ewido yet; after the update process completes, just close the program.

* Run FixWareout. Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items (the actual filename may have changed slightly, as it did before, but the entry will be similar enough):
O4 - HKLM\..\Run: [dmwck.exe] C:\WINDOWS\system32\dmwck.exe

Click FIX CHECKED. Close HijackThis, and click OK to proceed.

* Reboot the computer into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

* Open ewido and run a scan. When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

* Reboot normally, run HJT again, and post the new log. Also post the scan report log that ewido generated, as well as the log that FixWareout created. The FixWareout log is named report.txt, and should live in your C:\fixwareout\ folder.
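
The two checks this reply relies on, as an added example that is not part of the original thread: flagging O17 NameServer values outside a set of resolvers the user recognizes, and spotting an HKLM Run entry that reappears under a slightly different filename between two HijackThis logs. The log lines are excerpted from the first two logs above; `EXPECTED_RESOLVERS` (a documentation-range placeholder) and the 0.7 similarity threshold are assumptions for illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Excerpts copied from the first and second HijackThis logs in this thread.
LOG_FIRST = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dmukh.exe] C:\WINDOWS\system32\dmukh.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF8D8FC8-FD76-45ED-BD40-42ADE4002C9C}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE06D1AC-8F97-473E-A1AD-F7FFE553942A}: NameServer = 85.255.115.91,85.255.112.6
"""
LOG_SECOND = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dmwck.exe] C:\WINDOWS\system32\dmwck.exe
"""

# Assumption: the resolvers this user actually expects (placeholder address).
EXPECTED_RESOLVERS = {"192.0.2.53"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$", re.M)
RUN_RE = re.compile(r"^O4 - HKLM\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$", re.M)
# First .exe/.dll token of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll))', re.I)


def unexpected_nameservers(log, expected=EXPECTED_RESOLVERS):
    """Map each NameServer IP not in `expected` to the interface keys that carry it."""
    found = {}
    for m in O17_RE.finditer(log):
        for ip in re.split(r"[,\s]+", m["servers"].strip()):
            if ip and ip not in expected:
                found.setdefault(ip, []).append(m["key"])
    return found


def run_entries(log):
    """Map each HKLM Run value name to the lower-cased executable it launches."""
    entries = {}
    for m in RUN_RE.finditer(log):
        exe = EXE_RE.match(m["cmd"])
        entries[m["name"]] = (exe["path"] if exe else m["cmd"]).lower()
    return entries


def respawned_run_entries(first_log, second_log, threshold=0.7):
    """Pair a Run entry that vanished with a new one in the same directory
    whose filename is similar (heuristic; the threshold is an assumption)."""
    before, after = run_entries(first_log), run_entries(second_log)
    removed = {n: p for n, p in before.items() if n not in after}
    added = {n: p for n, p in after.items() if n not in before}
    pairs = []
    for old_name, old_path in removed.items():
        old_dir, old_file = ntpath.split(old_path)
        for new_name, new_path in added.items():
            new_dir, new_file = ntpath.split(new_path)
            score = SequenceMatcher(None, old_file, new_file).ratio()
            if old_dir == new_dir and score >= threshold:
                pairs.append((old_name, new_name, round(score, 2)))
    return pairs


if __name__ == "__main__":
    for ip, keys in unexpected_nameservers(LOG_FIRST).items():
        print(f"unrecognized resolver {ip} on {len(keys)} interface(s)")
    for old, new, score in respawned_run_entries(LOG_FIRST, LOG_SECOND):
        print(f"Run entry {old} replaced by look-alike {new} (similarity {score})")
```

A cleared O17 section with a look-alike Run entry still present, as in the second log, means the persistence mechanism survived the first cleanup even though the DNS settings were reset.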

0

Thank you for the direction. I began to do these activities but when I ran FixWareout, it didn't progress like you suggested it would. It ran at the command prompt (black screen), created a quick textpad file, then ended. It did nothing else -- no more prompts, no reboot, nothing. Since my experience was different than you suggested it would be, I quit before I did anything wrong. I will await further guidance. Thanks again.

0

... and, I am still being redirected to other search sites again: Robogold, Netster, etc. This is frustrating.

0

Hmm, well Wareout seems to be the main problem so far.

Let's fix this WareoutFix. Have ya tried uninstalling it and then reinstalling it again? This might fix it. If you've already tried this, post back and we'll work from there.

Thanks.

0

OK... you asked for it. I have all 3 logs and here they are:

HJT first:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TW_BHO Class - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - C:\Program Files\Macro ToolsWorks\mtwbho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: MacroMaker.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: clockmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129646941411
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - e:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - e:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O23 - Service: Vsclient Service (VnxService) - Unknown owner - C:\WINDOWS\system32\vnxserv.exe



Now ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           8:09:35 PM, 4/19/2006
+ Report-Checksum:      533582F


+ Scan result:


HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
[180] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
[204] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning
[852] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning
C:\Documents and Settings\Main User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-68d0d310-641b133f.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Main User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-68d0d310-641b133f.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Main User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv585.jar-34765320-3cecabc6.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@e-2dj6wjliwidjwdq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@truition.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Main User\Cookies\Chazz Sim@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\install.htm -> Not-A-Virus.Exploit.DialogArg : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1056.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1070.txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1094.txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1150.txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1169.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1174.txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1177.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1182.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1188.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1215.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1319.txt -> TrackingCookie.Tfag : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1354.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1365.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1384.txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1438.txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1439.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1444.txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1454.txt -> TrackingCookie.Shopathomeselect : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1483.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1605.txt -> TrackingCookie.G3x : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1614.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1619.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1655.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1656.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc1688.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc2064.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc2295.txt -> TrackingCookie.Yadro : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc2348.tmp -> Adware.180Solutions : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc337.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc384.txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc391.txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc400.txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc432.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc480.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc528.txt -> TrackingCookie.Enhance : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc530.txt -> TrackingCookie.Goclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc542.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc557.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc581.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc610.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc633.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc634.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc635.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc636.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc637.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc638.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc639.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc640.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc646.txt -> TrackingCookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc647.txt -> TrackingCookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc708.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc720.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc721.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc722.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc723.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc724.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc725.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc726.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc727.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc728.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc729.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc730.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc731.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc732.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc733.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc734.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc735.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc736.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc737.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc738.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc739.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc740.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc741.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc742.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc743.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc744.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc745.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc746.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc747.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc748.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc749.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc750.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc751.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc752.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc753.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc754.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc755.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc756.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc757.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc758.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc759.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc760.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc761.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc762.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc763.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc764.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc765.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc766.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc767.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc768.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc769.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc770.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc771.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc772.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc773.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc774.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc775.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc776.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc777.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc778.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc779.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc780.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc781.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc782.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc783.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc784.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc785.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc786.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc787.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc788.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc789.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc790.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc791.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc792.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc793.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc794.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc795.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc796.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc797.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc798.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc799.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc800.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc801.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc802.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc803.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc804.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc805.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc806.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc807.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc808.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc809.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc810.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc811.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc812.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc813.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc814.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc815.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc816.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc817.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc818.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc819.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc820.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc821.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc822.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc823.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc824.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc825.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc826.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc827.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc828.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc829.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc830.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc831.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc832.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc833.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc834.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc835.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc836.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc837.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc838.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc839.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc840.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc841.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc842.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc843.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc844.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc845.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc846.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc847.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc848.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc849.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc850.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc851.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc852.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc853.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc854.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc855.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc856.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc857.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc858.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc859.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc860.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc861.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc862.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc863.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc864.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc865.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc866.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc867.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc868.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc869.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc870.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc871.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc872.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc873.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc874.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc875.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc876.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc877.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc878.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc879.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc887.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc892.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-3942531886-2154702590-596957751-1006\Dc893.txt -> TrackingCookie.Hitbox : Cleaned with backup



::Report End


and finally wareout:
Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
33,32,45,56,4e,54,31,2e,44,4c,4c,00,00
.....
End vxd check
.....
please post this at the forum

Edited by happygeek: fixed formatting

0

1. FixWareout didn't run correctly, and that bothers me. Please try downloading, reinstalling, and running the program again. I gave two download links for FixWareout; use the alternate link this time, just in case there was/is a problem with the file on the download site you did use.


2. The latest HJT log you posted is missing the top portion (compare it with your previous logs). Please post a full log.


3. Clear your DNS cache to remove possible leftover entries from the "rogue" DNS servers:

* Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window
* At the DOS prompt, type the following command and hit Enter. Close the DOS box once the command completes:
ipconfig /flushdns


4. Let's verify that (among other things) you are now using valid, non-malicious DNS servers:

* Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window
* At the DOS prompt, type the following command and hit Enter. You won't see any result from the command, but when it completes a second prompt with a flashing cursor will be displayed; close the DOS box once that happens:
ipconfig /all >ipconfig.txt

The above command will have created a text file on your desktop named ipconfig.txt; double-click on the file to open it in Notepad, and then cut-n-paste the file's contents in your next post.


5. As jhay116, run ewido again (in Safe Mode) and post the new report.
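
The DNS check from step 4, as an added example that is not part of the original post: a Python sketch that reads saved `ipconfig /all` output, collects each adapter's DNS servers (including the unlabelled continuation lines), and lists any server outside a set you supply. The sample output, adapter names and addresses are constructed, and the expected-server list is an assumption to be replaced with the resolvers your ISP or router actually hands out.

```python
import ipaddress
import re

# Constructed sample in the IPv4 layout that "ipconfig /all" prints on Windows XP.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : example-pc
        Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example Ethernet Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Wednesday, April 19, 2006 8:00:00 PM

PPP adapter Example Dial-Up:

        IP Address. . . . . . . . . . . . : 198.51.100.20
        DNS Servers . . . . . . . . . . . : 198.51.100.1
"""

# "   Label . . . . : value" -> the label without its dot leader, and the value.
LABELLED = re.compile(r"^\s+(?P<label>[^:]*?)[\s.]*:\s*(?P<value>.*)$")


def parse_dns_servers(text):
    """Return {section header: [ip_address, ...]} for every 'DNS Servers' entry."""
    servers = {}
    section = None
    collecting = False  # True while we are inside a DNS Servers entry
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            collecting = False
            continue
        if not line[0].isspace():
            # Unindented lines are section headers such as "Ethernet adapter X:".
            section = line.rstrip(":")
            collecting = False
            continue
        match = LABELLED.match(line)
        if match:
            collecting = match.group("label").lower() == "dns servers"
            value = match.group("value").strip()
        else:
            # Second and later servers appear alone on an indented line.
            value = line.strip()
        if not collecting or not value:
            continue
        try:
            address = ipaddress.ip_address(value)
        except ValueError:
            collecting = False  # not an address, so the entry has ended
            continue
        servers.setdefault(section, []).append(address)
    return servers


def audit_dns(text, expected):
    """List (section, server) pairs whose server is not covered by `expected`.

    `expected` holds single addresses or CIDR ranges you trust (an assumption
    supplied by the person running the check, not something the tool can know).
    """
    allowed = [ipaddress.ip_network(item, strict=False) for item in expected]
    findings = []
    for section, addresses in parse_dns_servers(text).items():
        for address in addresses:
            if not any(address in network for network in allowed):
                findings.append((section, str(address)))
    return findings


if __name__ == "__main__":
    for section, server in audit_dns(SAMPLE_IPCONFIG, ["192.168.1.1", "198.51.100.0/24"]):
        print(f"unexpected DNS server {server} on {section}")
```
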
