
I'VE MANAGED TO RUN HI JACK, HOPEFULLY CORRECTLY.....HERE'S MY LOG. I'M TRYING TO STOP THE POP UPS FROM WINDOWS SECURITY AND SPYWARE DEFENDER PROGRAMS.......

Logfile of HijackThis v1.99.1
Scan saved at 10:57:46 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Blink\blink.exe
C:\WINDOWS\system32\pmgbciwa.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Common Files\AOL\1181614804\ee\AOLSoftware.exe
C:\Program Files\DriveCleaner Free\UDC.exe
C:\Program Files\DriveCleaner Free\UDC6cw.exe
C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe
C:\Program Files\Common Files\DriveCleaner Free\DNSE.exe
C:\Program Files\Ultimate Defender\UltimateDefender.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\ErrorProtector Free\ertmain.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blink\blink.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\DOCUME~1\CANDACE\LOCALS~1\Temp\WZSE3.TMP\setup.exe
C:\Program Files\SpywareDetector\UpdatePopUp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DESTROYSPY\destroy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\kmbdguxo.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DeskalertsBHO - {69DACF5A-70EF-4363-A036-89450346121F} - C:\Program Files\DeskAlerts\deskbar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\iifgdcd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A6D70A2D-BF14-4119-AE0B-EF8F5978DC56} - C:\WINDOWS\system32\rflpewrk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {AAC1FEA3-CE31-4481-B406-82AC1796085e} - C:\WINDOWS\system32\foolduci.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BD0369DC-6E1D-4B3E-BF2D-EA35D1C138D3} - C:\WINDOWS\system32\foolduci.dll (file missing)
O2 - BHO: (no name) - {BFC517CD-7CEE-447F-B4F1-EA023B85C2D7} - C:\WINDOWS\system32\awvtq.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\gkhortml.dll
O2 - BHO: (no name) - {D9904872-B2B6-457A-B286-B9E2E9A76678} - C:\WINDOWS\system32\rflpewrk.dll
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - C:\WINDOWS\system32\wvurqoo.dll (file missing)
O2 - BHO: (no name) - {E55AFFC0-CF3E-46DB-BAFA-F69F46A76FFe} - C:\WINDOWS\system32\rflpewrk.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\tbu02553\MediaBar.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\tbu02553\MediaBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181614804\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DriveCleaner Free] "C:\Program Files\DriveCleaner Free\UDC.exe" /min
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\DriveCleaner Free\DNSE.exe" -c
O4 - HKLM\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe /min
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oscinhmw.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Academy/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Magic%20Academy/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D078925-37DB-482D-A002-36350CDB4632}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.104
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: iifgdcd - C:\WINDOWS\SYSTEM32\iifgdcd.dll
O20 - Winlogon Notify: wvurqoo - wvurqoo.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {76765F30-4AD5-4C93-AC60-5E39E3C75958} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {C83B7B5F-4943-4B86-8FE8-AB6FDBF47F2D} - C:\WINDOWS\wmpconf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Blink Service - Unknown owner - C:\Program Files\Blink\blink.exe" "C:\Program Files\Blink\blink.dll" Service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\pmgbciwa.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Bloody hell! What a mess!
==Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe - and save it to your desktop.
Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Next check some settings.... In Control Panel select Network and Internet Connections, rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

Now flush the DNS cache: Go Start > Run, type cmd and click OK.
In the command screen, type in cd\ and then press Enter. Now type in ipconfig /flushdns and then Enter. [space after ipconfig]. Type Exit.

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.104
O21 - SSODL: wmpenv - {76765F30-4AD5-4C93-AC60-5E39E3C75958} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {C83B7B5F-4943-4B86-8FE8-AB6FDBF47F2D} - C:\WINDOWS\wmpconf.dll
O23 - Service: Blink Service - Unknown owner - C:\Program Files\Blink\blink.exe" "C:\Program Files\Blink\blink.dll" Service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\pmgbciwa.exe

Go Start, Run, type cmd - and press Enter; paste into the window these two lines, pressing Enter after each, then close the window:

sc delete "Blink Service"
sc delete DomainService

It appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
>>>!! Check the Vundofix log C:\Vundofix.txt for any found files that were not deleted - if present rerun Vundofix !!<<<

==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]

-Post the contents of C:\vundofix.txt, C:\Combofix.txt plus a new HijackThis log. [note the name change bit above!!]
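An added example, not part of the post above: a small Python checker for the "entries listed below that still exist" step, which compares a fix list against a follow-up HijackThis log and reports which entries are gone, still present, or present with the file already deleted. The fix list is copied from the post; the follow-up log excerpt is constructed for illustration, and all function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
FILE_MISSING = "(file missing)"


def parse_entries(log_text):
    """Return [(code, body), ...] for every entry line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def normalise(code, body):
    """Build a comparison key and report whether the line ends in '(file missing)'.

    Registry paths and file names are case-insensitive on Windows, so the key
    is case-folded. The '(file missing)' suffix is stripped because the
    registry entry is the same one whether or not its file still exists.
    """
    body = " ".join(body.split()).casefold()
    missing = body.endswith(FILE_MISSING)
    if missing:
        body = body[: -len(FILE_MISSING)].rstrip()
    return (code, body), missing


def check_fix_list(fix_list_text, followup_log_text):
    """Return [(status, entry_line), ...] for each fix-list entry.

    status is 'gone', 'present' or 'present (file missing)'.
    """
    current = {}
    for code, body in parse_entries(followup_log_text):
        key, missing = normalise(code, body)
        current[key] = missing

    report = []
    for code, body in parse_entries(fix_list_text):
        key, _ = normalise(code, body)
        if key not in current:
            status = "gone"
        elif current[key]:
            status = "present (file missing)"
        else:
            status = "present"
        report.append((status, f"{code} - {body}"))
    return report


# Fix list as given in the post above.
FIX_LIST = r"""
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.104
O21 - SSODL: wmpenv - {76765F30-4AD5-4C93-AC60-5E39E3C75958} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {C83B7B5F-4943-4B86-8FE8-AB6FDBF47F2D} - C:\WINDOWS\wmpconf.dll
O23 - Service: Blink Service - Unknown owner - C:\Program Files\Blink\blink.exe" "C:\Program Files\Blink\blink.dll" Service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\pmgbciwa.exe
"""

# CONSTRUCTED follow-up log excerpt (not the log posted in this thread):
# one O17 entry survived and one SSODL entry remains after its file was deleted.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.134 85.255.112.104
O21 - SSODL: wmpenv - {76765F30-4AD5-4C93-AC60-5E39E3C75958} - C:\WINDOWS\wmpenv.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
"""

if __name__ == "__main__":
    for status, line in check_fix_list(FIX_LIST, FOLLOWUP_LOG):
        print(f"{status:24} {line}")
```

An entry reported as "present (file missing)" is still registered and still needs Fix Checked, even though the file it points to has been removed.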


HI GERBIL,

I AM POSTING THE COMBOFIX,VUNDOFIX,& NEW HIJACK LOG. SINCE I'VE DONE WHAT YOU SAID, I'VE ONLY HAD 1 POP UP THAT SAYS "cannot find 'file:///C:/WINDOWS/privacy_danger/index.htm'.-Make sure that path or internet address is correct ." AND 1 PROBLEM SO FAR...MY DESKTOP BACKGROUND HAS DISAPPEARED AND WINDOWS WON'T LET ME APPLY ANOTHER...INSTEAD I KEEP GETTING THE POP UP THAT SAYS "cannot find 'file:///C:/WINDOWS/privacy_danger/index.htm'.-Make sure that path or internet address is correct ."


NEW HIJACK LOG:


Logfile of HijackThis v1.99.1
Scan saved at 12:03:10 AM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Common Files\AOL\1181614804\ee\aolsoftware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\DESTROYSPY\imabunny.exe.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {242D5BFE-64E9-4A48-8056-F691B44FD931} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\tbu02553\MediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\tbu02553\MediaBar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Academy/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Magic%20Academy/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D078925-37DB-482D-A002-36350CDB4632}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: wvurqoo - wvurqoo.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


<<<<<<<<E O F>>>>>>>>>>>>>>>>>>


VUNDOFIX LOG:


VundoFix V6.5.7


Checking Java version...


Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.


Scan started at 23:06:51 2007-08-22


Listing files found while scanning....




Beginning removal...


Attempting to delete C:\WINDOWS\system32\iifgdcd.dll
C:\WINDOWS\system32\iifgdcd.dll Could not be deleted.


Performing Repairs to the registry.
Done!


Beginning removal...


Attempting to delete C:\WINDOWS\system32\iifgdcd.dll
C:\WINDOWS\system32\iifgdcd.dll Has been deleted!


Performing Repairs to the registry.
Done!


VundoFix V6.5.7


Checking Java version...


Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.


Scan started at 23:16:21 2007-08-22


Listing files found while scanning....


No infected files were found.
<<<<<<E O F>>>>>>>>>>>>>>>>>>


COMBOFIX LOG:


ComboFix 07-08-17.2 - "CANDACE" 2007-08-22 23:25:09.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.206 [GMT -4:00]



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\Program Files\errorprotector free\ReportListFile.dat
C:\Program Files\errorprotector free\ResErrors.log
C:\Program Files\errorprotector free\sr.log
C:\Program Files\errorprotector free\st.dat
C:\Program Files\errorprotector free\support.url
C:\Program Files\errorprotector free\uertcookiemon.exe
C:\Program Files\errorprotector free\uerturl.url
C:\Program Files\errorprotector free\umain.xml
C:\Program Files\errorprotector free\unins000.dat
C:\Program Files\errorprotector free\unins000.exe
C:\Program Files\errorprotector free\up.dat
C:\Program Files\errorprotector free\updater.dat
C:\Program Files\errorprotector free\updater.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\instant access
C:\Program Files\instant access\Center\Crazy Girls.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\Dialer\725478257\fp.pc-on-internet.com\50215\images\background.gif
C:\Program Files\instant access\Dialer\725478257\fp.pc-on-internet.com\50215\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\725478257\fp.pc-on-internet.com\50215\images\index_02.jpg
C:\Program Files\instant access\Dialer\725478257\fp.pc-on-internet.com\50215\images\index_04.jpg
C:\Program Files\instant access\Dialer\725478257\fp.pc-on-internet.com\fa20c13b37b2d92dd11c6f3029b90d91.html
C:\Program Files\instant access\Dialer\725478257\fp.pc-on-internet.com\fa20c13b37b2d92dd11c6f3029b90d91.html_0.loginvis
C:\Program Files\instant access\Dialer\725478257\us2-external-api.dlv4.com\js\276db3d83d7eea78e627a8ec2f3c3a32
C:\Program Files\instant access\Dialer\725478257\us2-www.0texkax7c6hzuidk.com\Common\a30adfa29f8ba19a5ff132e118057c1d.html
C:\Program Files\instant access\Dialer\725478257\us2-www.0texkax7c6hzuidk.com\custom\4239\4239_dialer.ico
C:\Program Files\instant access\Dialer\725478257\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\725478257\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\725478257\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\725478257\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\725478257\www.rapid-pass.net\a5264d23107b6f9213463c9fecce26a5
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\000A1C12
C:\Program Files\MyWebSearch\bar\Cache\002D300D
C:\Program Files\MyWebSearch\bar\Cache\002D4C9E.bin
C:\Program Files\MyWebSearch\bar\Cache\002D51AF.bin
C:\Program Files\MyWebSearch\bar\Cache\002D5F99.bin
C:\Program Files\MyWebSearch\bar\Cache\002D6631.bin
C:\Program Files\MyWebSearch\bar\Cache\002D698C.bin
C:\Program Files\MyWebSearch\bar\Cache\002D7062.bin
C:\Program Files\MyWebSearch\bar\Cache\002D76DA.bin
C:\Program Files\MyWebSearch\bar\Cache\002D790D.bin
C:\Program Files\MyWebSearch\bar\Cache\002D8794
C:\Program Files\MyWebSearch\bar\Cache\002F998C.bin
C:\Program Files\MyWebSearch\bar\Cache\002FA4D6.bin
C:\Program Files\MyWebSearch\bar\Cache\002FABEB.bin
C:\Program Files\MyWebSearch\bar\Cache\002FADCF.bin
C:\Program Files\MyWebSearch\bar\Cache\002FB14A.bin
C:\Program Files\MyWebSearch\bar\Cache\004AC4DE.bin
C:\Program Files\MyWebSearch\bar\Cache\004B07E2.bin
C:\Program Files\MyWebSearch\bar\Cache\004B091B.bin
C:\Program Files\MyWebSearch\bar\Cache\010E0D4D
C:\Program Files\MyWebSearch\bar\Cache\010E6D5E
C:\Program Files\MyWebSearch\bar\Cache\015FFF44.bin
C:\Program Files\MyWebSearch\bar\Cache\016019F0.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
C:\Program Files\ShoppingReport\cs\persist.dbs
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Ultimate Defender
C:\Program Files\Ultimate Defender\program.info
C:\Program Files\Ultimate Defender\udefender.pkg
C:\Program Files\Ultimate Defender\UltimateDefender.db
C:\Program Files\Ultimate Defender\UltimateDefender.exe
C:\Program Files\Ultimate Defender\Uninstall.exe
C:\Program Files\video access activex object
C:\Program Files\video access activex object\ot.ico
C:\Program Files\video access activex object\ts.ico
C:\Program Files\video activex access
C:\Program Files\video activex access\uninst.exe
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx
C:\Program Files\vsadd-in
C:\UWA7P
C:\WINDOWS\.protected
C:\WINDOWS\dat.txt
C:\WINDOWS\duocore.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\aagftdnk.exe
C:\WINDOWS\system32\afpwykbx.exe
C:\WINDOWS\system32\aionlieu.exe
C:\WINDOWS\system32\aqvxcmmy.exe
C:\WINDOWS\system32\atoqkcjr.exe
C:\WINDOWS\system32\avhgowgv.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cjkyjygo.exe
C:\WINDOWS\system32\cphiufxf.exe
C:\WINDOWS\system32\dbhjnnkm.dll
C:\WINDOWS\system32\dggwpdjm.exe
C:\WINDOWS\system32\dgtsudde.exe
C:\WINDOWS\system32\djcutjtj.exe
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\dsisqhps.exe
C:\WINDOWS\system32\ebpjxdis.exe
C:\WINDOWS\system32\ecwfmpqx.exe
C:\WINDOWS\system32\enqmqgsp.exe
C:\WINDOWS\system32\epymjqog.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\gaionqgj.exe
C:\WINDOWS\system32\gkhortml.dll
C:\WINDOWS\system32\gknlnwwt.exe
C:\WINDOWS\system32\glgafjnw.exe
C:\WINDOWS\system32\gnubuxqv.dll
C:\WINDOWS\system32\gviacmdt.exe
C:\WINDOWS\system32\gxxltylg.exe
C:\WINDOWS\system32\gynouuln.exe
C:\WINDOWS\system32\hbinnvfj.exe
C:\WINDOWS\system32\hssxdhpu.exe
C:\WINDOWS\system32\ingxkuup.exe
C:\WINDOWS\system32\ixjbmpcu.exe
C:\WINDOWS\system32\jkunjays.exe
C:\WINDOWS\system32\jpiwoptv.exe
C:\WINDOWS\system32\jpwwbwxs.exe
C:\WINDOWS\system32\keucbocw.exe
C:\WINDOWS\system32\kklvmkqx.exe
C:\WINDOWS\system32\kmpourfs.dll
C:\WINDOWS\system32\kohpcuoq.exe
C:\WINDOWS\system32\kopdbyfe.exe
C:\WINDOWS\system32\kwrexyly.exe
C:\WINDOWS\system32\linkprd.exe
C:\WINDOWS\system32\llqkltbc.exe
C:\WINDOWS\system32\llwslhyv.exe
C:\WINDOWS\system32\lvekqiod.dll
C:\WINDOWS\system32\lysxkqdi.exe
C:\WINDOWS\system32\mbdahqwd.exe
C:\WINDOWS\system32\mknnjhbd.ini
C:\WINDOWS\system32\mmmbsvkl.exe
C:\WINDOWS\system32\ndxbaaxg.exe
C:\WINDOWS\system32\nelsubxd.exe
C:\WINDOWS\system32\nmdawcsl.exe
C:\WINDOWS\system32\nonblxeu.exe
C:\WINDOWS\system32\npdcaerg.exe
C:\WINDOWS\system32\nttbgrow.exe
C:\WINDOWS\system32\nuthgnon.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\oksbasix.exe
C:\WINDOWS\system32\omsffjoi.exe
C:\WINDOWS\system32\orphgxrg.exe
C:\WINDOWS\system32\pctpoyan.exe
C:\WINDOWS\system32\pjnagtvd.exe
C:\WINDOWS\system32\pvjunlvc.exe
C:\WINDOWS\system32\qgocxxyw.exe
C:\WINDOWS\system32\qidsdkno.dll
C:\WINDOWS\system32\qugfjwsf.exe
C:\WINDOWS\system32\rddqgmsn.exe
C:\WINDOWS\system32\rqviafai.exe
C:\WINDOWS\system32\sgoovatm.exe
C:\WINDOWS\system32\slgenqdh.exe
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\tbyjmxqv.exe
C:\WINDOWS\system32\tomuksmg.exe
C:\WINDOWS\system32\tvccuumy.exe
C:\WINDOWS\system32\uafeudar.exe
C:\WINDOWS\system32\ubhygdyt.exe
C:\WINDOWS\system32\uecinlri.exe
C:\WINDOWS\system32\ujnsvxrh.exe
C:\WINDOWS\system32\utdswsec.exe
C:\WINDOWS\system32\uvqwnymc.exe
C:\WINDOWS\system32\vbrvfkvh.exe
C:\WINDOWS\system32\vilfrcge.exe
C:\WINDOWS\system32\vlixvvir.exe
C:\WINDOWS\system32\vobvkads.exe
C:\WINDOWS\system32\vpyridue.exe
C:\WINDOWS\system32\wctdxfhi.exe
C:\WINDOWS\system32\wfmthvqt.exe
C:\WINDOWS\system32\wieogjga.exe
C:\WINDOWS\system32\wkxyfits.exe
C:\WINDOWS\system32\wmmdicap.exe
C:\WINDOWS\system32\wohnffea.exe
C:\WINDOWS\system32\wtnvqkgs.exe
C:\WINDOWS\system32\xfplqpmf.dll
C:\WINDOWS\system32\xvxmliat.exe
C:\WINDOWS\system32\yecgbthd.exe
C:\WINDOWS\system32\ytaqrlxu.exe
C:\WINDOWS\system32\ywhvmimq.exe
C:\WINDOWS\system32\yxhlften.exe
C:\WINDOWS\system32\yxsylbwu.dll
C:\WINDOWS\system32\yywefhvm.exe
C:\WINDOWS\wmpconf.dll
C:\WINDOWS\wmpenv.dll



(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))



-------\LEGACY_FOPN



(((((((((((((((((((((((((   Files Created from 2007-07-23 to 2007-08-23  )))))))))))))))))))))))))))))))



2007-08-22 23:06    <DIR>    d--------   C:\VundoFix Backups
2007-08-22 22:55    <DIR>    d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Viewpoint
2007-08-22 22:45    1,048,576   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-22 22:45    <DIR>    d--h-----   C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-08-22 22:45    <DIR>    d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-08-22 21:45    6,928   --a------   C:\dnsbak.reg
2007-08-21 23:06    51,200  --a------   C:\WINDOWS\nircmd.exe
2007-08-21 21:34    <DIR>    d--------   C:\Program Files\DESTROYSPY
2007-08-21 20:56    63  --a------   C:\WINDOWS\system\SysSD.dll
2007-08-21 20:55    <DIR>    d--------   C:\Program Files\SpywareDetector
2007-08-21 20:36    <DIR>    d--------   C:\DOCUME~1\CANDACE\APPLIC~1\NCH Swift Sound
2007-08-21 20:34    <DIR>    d--------   C:\Program Files\NCH Swift Sound
2007-08-20 18:13    75,016  --a------   C:\DOCUME~1\CANDACE\APPLIC~1\PerfomanceOptimizerPre_Installer[1].exe
2007-08-20 18:13    2,103,064   --a------   C:\DOCUME~1\CANDACE\APPLIC~1\PerformanceoptimizerFreeSetup[1].exe
2007-08-20 18:13    <DIR>    d--------   C:\Program Files\Performanceoptimizer (Free)
2007-08-17 16:04    265,497 --a------   C:\WINDOWS\system32\pdtgeiypu_nav.dat
2007-08-17 16:03    7,777   --a------   C:\WINDOWS\system32\pdtgeiypu.dat
2007-08-17 16:03    2,831   --a------   C:\WINDOWS\system32\pdtgeiypu_navps.dat
2007-08-17 16:02    279,552 --a------   C:\WINDOWS\system32\pdtgeiypu.exe
2007-08-16 17:05    <DIR>    d--------   C:\Program Files\Common Files\PCTurboPro Free
2007-08-16 16:54    <DIR>    d--------   C:\Program Files\Common Files\ErrorProtector Free
2007-08-14 15:21    <DIR>    d--------   C:\My Downloads
2007-08-14 15:21    <DIR>    d--------   C:\DOCUME~1\BRYCEN\APPLIC~1\BearShare
2007-08-11 15:00    <DIR>    d--------   C:\My Video



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-08-18 14:46    ---------   d--------   C:\Program Files\Yahoo!
2007-08-14 00:29    ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-08-14 00:29    ---------   d--------   C:\Program Files\Creative
2007-08-13 23:58    ---------   d--------   C:\Program Files\The Weather Channel FW
2007-08-13 23:41    ---------   d--------   C:\Program Files\CDBurnerXP Pro 3
2007-07-19 02:59    3583488 --a------   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 14:40    ---------   d--------   C:\Program Files\SuperStar
2007-07-12 19:31    765952  --a------   C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-05 23:26    ---------   d--------   C:\Program Files\Magic Academy
2007-07-05 23:26    ---------   d--------   C:\DOCUME~1\CANDACE\APPLIC~1\SpinTop
2007-07-04 12:43    ---------   d--------   C:\DOCUME~1\CANDACE\APPLIC~1\WildTangent
2007-07-04 12:41    ---------   d--------   C:\Program Files\WildGames
2007-07-04 00:00    ---------   d--------   C:\DOCUME~1\CANDACE\APPLIC~1\Magic Academy
2007-07-03 23:55    ---------   d--------   C:\Program Files\AOL Games
2007-06-29 19:52    133120  --a------   C:\WINDOWS\system32\zip32.dll
2007-06-27 10:34    823808  --a------   C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34    671232  --a------   C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34    6058496 ---------   C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34    52224   ---------   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34    477696  --a------   C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34    459264  ---------   C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34    44544   ---------   C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34    384512  ---------   C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34    383488  ---------   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34    27648   --a------   C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34    267776  ---------   C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34    232960  ---------   C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34    230400  ---------   C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34    193024  --a------   C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34    153088  ---------   C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34    132608  --a------   C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34    124928  ---------   C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34    1152000 --a------   C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34    105984  ---------   C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34    102400  ---------   C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27    63488   ---------   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27    625152  ---------   C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27    13824   ---------   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00    161792  ---------   C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:08    1104896 --a------   C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08    1104896 ---------   C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31    282112  --a------   C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31    282112  ---------   C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 06:23    1033216 --a------   C:\WINDOWS\explorer.exe
2007-06-13 06:23    1033216 ---------   C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51    10834944    --a------   C:\WINDOWS\system32\dllcache\wmp.dll
2006-11-10 01:58    774144  --a------   C:\Program Files\RngInterstitial.dll
2007-01-01 05:13:03 88  --sh--r C:\WINDOWS\system32\E908571D9C.sys
2007-01-01 05:13:21 3,350   --sha-w C:\WINDOWS\system32\KGyGaAvL.sys



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{242D5BFE-64E9-4A48-8056-F691B44FD931}]
C:\WINDOWS\system32\awvtq.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 21:05]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-09-26 13:39:10]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-26 13:36:48]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-09 12:09:10]


[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqoo]
wvurqoo.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"


S2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
S3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S4 Blink Service;Blink Service;"C:\Program Files\Blink\blink.exe" "C:\Program Files\Blink\blink.dll" Service



Contents of the 'Scheduled Tasks' folder
2007-06-13 21:31:23 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
2007-08-21 13:00:00 C:\WINDOWS\Tasks\rpc.job


**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-22 23:33:54
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


Completion time: 2007-08-22 23:36:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-22 23:35


--- E O F ---

Edited by happygeek: fixed formatting

0

oops, and pls post the fixwareout log also... and we DEFINITELY have more to fix. Back in a while...
But be proud! Cos you have shot straight to the top of my Vundo infections and Combofix deletions leader boards... hehehe... I tell you, once we finish this cleanup your sys will weigh maybe half what it did.

0

Uninstall BearShare.
Right, pls fix these with hijackthis:

O2 - BHO: (no name) - {242D5BFE-64E9-4A48-8056-F691B44FD931} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\tbu02553\MediaBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\tbu02553\MediaBar.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZZ
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Academy/Images/stg_drm.ocx
O20 - Winlogon Notify: wvurqoo - wvurqoo.dll (file missing)

Good. Now to check a couple of services were deleted: Blink Service & DomainService ...
Go Start, run, type services.msc and press Enter. Maximise the window and select Extended tab at foot, scroll to the specific service and if it exists, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....

SDFix:
==Download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
==Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
==Pls run CCleaner now.
==Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode.

JAVA Update:
==Finally: Java update!!! This is for security reasons. Go control panel > java > update, & press update now. Restart after installing the update, and then go into control panel again, add/remove pgms and remove all old versions of java. Vsn 1.6.0.1 is current....

Oh, why not get Spywareblaster? It's free, works in background by blocking bad sites, and I update it once monthly when M$ comes thru with windows updates.... it is when I manually check for a Java update also..
Say how things are when you next post.
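
A triage sketch for HijackThis lines like the ones listed in the post above, added here as an example and not part of the thread or of HijackThis itself. It parses each entry and notes structural properties worth checking before fixing anything; the function names and the choice of checks are assumptions of this example, and the sample lines are copied from this thread.

```python
import re

# Section codes as they appear in the HijackThis logs on this page.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE default page/search URL",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart entry",
    "O8": "IE context-menu item",
    "O9": "IE extra button/menu item",
    "O16": "Downloaded Program Files (ActiveX)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

# Sample input: lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {242D5BFE-64E9-4A48-8056-F691B44FD931} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\tbu02553\MediaBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\tbu02553\MediaBar.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZZ
O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Academy/Images/stg_drm.ocx
O20 - Winlogon Notify: wvurqoo - wvurqoo.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""


def parse_entry(line):
    """Split one HijackThis line into code, CLSID, target and a missing-file flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    code, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(body)
    # The target (file or URL) is the last " - " field; lines without one
    # (O4 Run values, AppInit_DLLs) carry it after the first ": ".
    if " - " in body:
        target = body.rsplit(" - ", 1)[1]
    else:
        target = body.split(": ", 1)[-1]
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "clsid": clsid.group(0) if clsid else None,
        "target": target.strip(),
        "file_missing": missing,
    }


def review_notes(entry):
    """Return structural observations about an entry; these are not verdicts."""
    notes = []
    target = entry["target"]
    if entry["file_missing"]:
        notes.append("orphaned: registry entry points at a file no longer on disk")
    if re.search(r"~\d", target):
        notes.append("8.3 short path: expand to the long name before judging")
    if entry["code"] == "O16" and target.lower().startswith("file:///"):
        notes.append("ActiveX codebase is a local file:// path, not a download URL")
    if entry["code"] == "O20" and "\\" not in target:
        notes.append("DLL named without a directory, resolved via the search path")
    return notes


def triage(log_text):
    """Parse a log and return (entry, notes) pairs for entries with any note."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        notes = review_notes(entry)
        if notes:
            findings.append((entry, notes))
    return findings


if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_LOG):
        print(f"{entry['code']:<3} {entry['section']}: {entry['target']}")
        for note in notes:
            print(f"      - {note}")
```

Entries that come back without a note are not cleared by that; the checks only look at the shape of the line.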

0

HI GERBIL,

POP UP ADS ARE GONE!!!! YEAAAA!

HOWEVER, PLEASE ADDRESS THE FOLLOWING ISSUE:
1) I CAN'T APPLY A DESKTOP BACKGROUND

I've downloaded spywareblaster and Java vsn 1.6.0.2

I'VE FOLLOWED THE NEXT STEPS AND THE LOGS ARE POSTED BELOW:

FIXWAREOUT REPORT


Username "CANDACE" - 2007-08-22 21:45:35 [Fixwareout edited 2007/07/05]


»»»»»Prerun check


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.134 85.255.112.104" <Value cleared.


Successfully flushed the DNS Resolver Cache.



System was rebooted successfully.


»»»»» Postrun check
....
....
»»»»» Misc files.
C:\Documents and Settings\CANDACE\Start Menu\Programs\VideoAccess  Deleted
C:\Program Files\VideoAccess  Deleted
....
»»»»» Checking for older varients.
....



C:\Program Files\Video ActiveX Access < Found
C:\Program Files\Video Access ActiveX Object < Found
Additional tools are recomended.


»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ErrorProtector Free"="C:\\Program Files\\ErrorProtector Free\\ertmain.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


SDFIX REPORT


SDFix: Version 1.100


Run by Administrator on Thu 08/23/2007 at 09:23 PM


Microsoft Windows XP [Version 5.1.2600]


Running From: C:\SDFix


Safe Mode:
Checking Services:



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...



Normal Mode:
Checking Files:


Trojan Files Found:


C:\WINDOWS\SYSTEM32\QTWMCI32.DLL - Deleted


Removing Temp Files...


ADS Check:


C:\WINDOWS
No streams found.


C:\WINDOWS\system32
No streams found.


C:\WINDOWS\system32\svchost.exe
No streams found.


C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:


Remaining Services:
------------------


Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]


<<<<<<<<<<E O F >>>>>>>>>>>>>>>>>>


NEW HI JACK LOG


Logfile of HijackThis v1.99.1
Scan saved at 9:41:30 PM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\DESTROYSPY\imabunny.exe.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Magic%20Academy/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


<<<<<<<<E O F>>>>>>>>>>

AND BEARSHARE IS GONE!

PEOPLE, GERBIL IS AWESOME :)

Edited by happygeek: fixed formatting

0

:0
Fix this entry with hijackthis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2

Reg keys/batch file text
Please copy the text between the lines into Notepad and save it as showkey.bat, as type "all files", to your desktop; double-click it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" >C:\showkey.txt
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" >>C:\showkey.txt
__________________________________________________________
Make sure Notepad's Format > Word Wrap is not checked.

0

Hi Gerbil,

I got the desktop back to working by going to Control Panel...Display...Customize Desktop...Web tab...highlighting Privacy Protection and deleting it...then selected my background and pressed Apply & OK.

Do I still need to do what you're saying above? For some reason that fixed the error message too.

Please advise

0

Just fix that R0 entry and you should be OK; ignore the batch file. Good work on the web page removal from your desktop.
