-
May 12th, 2008, 01:01 AM
#1
Multiple virii, trojans
My sister was using the spare computer when AVG8 (using it for the first time) noted several problems. After it cleaned up what it found, I could not access the internet. When I tried to repair the connection, it returned "Windows could not finish repairing the problem because the following action cannot be completed. Renewing your IP address." Since I could not access the internet from that computer, I downloaded SuperAntispyware, Malwarebytes and HiJackThis on a jumpdrive and ran them. The logs follow:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/11/2008 at 09:09 PM
Application Version : 4.0.1154
Core Rules Database Version : 3458
Trace Rules Database Version: 1449
Scan type : Complete Scan
Total Scan Time : 02:15:47
Memory items scanned : 152
Memory threats detected : 0
Registry items scanned : 4680
Registry threats detected : 37
File items scanned : 116792
File threats detected : 356
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
Adware.webHancer
HKLM\Software\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32#ThreadingModel
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\ProgID
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\Programmable
HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\VersionIndependentProgID
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKCR\WhIeHelperObj.WhIeHelperObj
HKCR\WhIeHelperObj.WhIeHelperObj\CurVer
HKCR\WhIeHelperObj.WhIeHelperObj.1
HKCR\WhIeHelperObj.WhIeHelperObj.1\CLSID
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid32
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib#Version
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0\win32
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\FLAGS
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\HELPDIR
HKLM\Software\WebHancer
HKLM\Software\WebHancer#BaseDir
HKLM\Software\WebHancer\CC
HKLM\Software\WebHancer\CC#DistTag
HKLM\Software\WebHancer\CC#INSTFRM
HKLM\Software\WebHancer\CC#DWLLTM
HKLM\Software\WebHancer\CC#SLNTIND
HKLM\Software\WebHancer\CC#ACCPTPS
HKLM\Software\WebHancer\CC#id
HKLM\Software\WebHancer\ESO
HKLM\Software\WebHancer\ESO#aa
C:\Program Files\WEBHANCER\Programs\license.txt
C:\Program Files\WEBHANCER\Programs\readme.txt
C:\Program Files\WEBHANCER\Programs\sporder.dll
C:\Program Files\WEBHANCER\Programs\whagent.ini
C:\Program Files\WEBHANCER\Programs
C:\Program Files\WEBHANCER
Adware.Tracking Cookie
-
May 12th, 2008, 12:05 PM
#2
continued...
Trojan.Unknown Origin
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mslagent
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\smp
F:\DOCUMENTS AND SETTINGS\MARILYN BERG\LOCAL SETTINGS\TEMP\~QIL1038.TMP
Adware.AdSponsor/ISM
C:\Program Files\QDRMODULE\dicy.gz
C:\Program Files\QDRMODULE\kwdy.gz
C:\Program Files\QDRMODULE\pckr.dat
C:\Program Files\QDRMODULE
C:\Program Files\QDRPACK\dicts.gz
C:\Program Files\QDRPACK\trgts.gz
C:\Program Files\QDRPACK
C:\Program Files\QDRDRIVE
Adware.INetDelivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\Inet Delivery
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\akl
Browser Hijacker.Rogue-Gen
C:\RECYCLER\S-1-5-21-4010667249-2969474944-2173522864-1007\DC93.HTM
Trojan.Fake-Drop/Gen
C:\WINDOWS\A.BAT
C:\WINDOWS\BASE64.TMP
C:\WINDOWS\BDN.COM
C:\WINDOWS\FVPROTECT.EXE
C:\WINDOWS\ITUNESMUSIC.EXE
C:\WINDOWS\MSSECU.EXE
C:\WINDOWS\SYSTEM32\AKTTZN.EXE
C:\WINDOWS\SYSTEM32\ANTICIPATOR.DLL
C:\WINDOWS\SYSTEM32\AWTOOLB.DLL
C:\WINDOWS\SYSTEM32\BDN.COM
C:\WINDOWS\SYSTEM32\BSVA-EGIHSG52.EXE
C:\WINDOWS\SYSTEM32\EMESX.DLL
C:\WINDOWS\SYSTEM32\H@TKEYSH@@K.DLL
C:\WINDOWS\SYSTEM32\HOPROXY.DLL
C:\WINDOWS\SYSTEM32\HXIWLGPM.DAT
C:\WINDOWS\SYSTEM32\HXIWLGPM.EXE
C:\WINDOWS\SYSTEM32\MEDUP012.DLL
C:\WINDOWS\SYSTEM32\MEDUP020.DLL
C:\WINDOWS\SYSTEM32\MSGP.EXE
C:\WINDOWS\SYSTEM32\MSNBHO.DLL
C:\WINDOWS\SYSTEM32\MSSECU.EXE
C:\WINDOWS\SYSTEM32\MSVCHOST.EXE
C:\WINDOWS\SYSTEM32\MTR2.EXE
C:\WINDOWS\SYSTEM32\MWIN32.EXE
C:\WINDOWS\SYSTEM32\NETODE.EXE
C:\WINDOWS\SYSTEM32\NEWSD32.EXE
C:\WINDOWS\SYSTEM32\PS1.EXE
C:\WINDOWS\SYSTEM32\REGC64.DLL
C:\WINDOWS\SYSTEM32\REGM64.DLL
C:\WINDOWS\SYSTEM32\RUNDL1.EXE
C:\WINDOWS\SYSTEM32\SSURF022.DLL
C:\WINDOWS\SYSTEM32\SSVCHOST.COM
C:\WINDOWS\SYSTEM32\SSVCHOST.EXE
C:\WINDOWS\SYSTEM32\SYSREQ.EXE
C:\WINDOWS\SYSTEM32\TAACK.DAT
C:\WINDOWS\SYSTEM32\TAACK.EXE
C:\WINDOWS\SYSTEM32\TEMP#01.EXE
C:\WINDOWS\SYSTEM32\THUN.DLL
C:\WINDOWS\SYSTEM32\THUN32.DLL
C:\WINDOWS\SYSTEM32\VBIEWER.OCX
C:\WINDOWS\SYSTEM32\VBSYS2.DLL
C:\WINDOWS\SYSTEM32\VCATCHPI.DLL
C:\WINDOWS\SYSTEM32\WINLOGONPC.EXE
C:\WINDOWS\SYSTEM32\WINSYSTEM.EXE
C:\WINDOWS\SYSTEM32\WINWGPX.EXE
C:\WINDOWS\USERCONFIG9X.DLL
C:\WINDOWS\WINSYSTEM.EXE
C:\WINDOWS\ZIP1.TMP
C:\WINDOWS\ZIP2.TMP
C:\WINDOWS\ZIP3.TMP
C:\WINDOWS\ZIPPED.TMP
Dpcproxy
C:\WINDOWS\SYSTEM32\DPCPROXY.EXE
Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\PSOF1.EXE
Adware.Pacer D
C:\WINDOWS\SYSTEM32\PSOFT1.EXE
Trojan.Dluca-I
C:\WINDOWS\SYSTEM32\SNCNTR.EXE
Trojan.DropGen/SmallLoad
C:\WINDOWS\SYSTEM32\YPKZIJCH.EXE
Adware.MyWebSearch
F:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
Adware.Spyware Labs
F:\WINDOWS\SYSTEM32\BO2809040510.EXE
-
May 12th, 2008, 12:07 PM
#3
malware report
Malwarebytes' Anti-Malware 1.12
Database version: 722
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 163918
Time elapsed: 1 hour(s), 51 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 96
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSysInterv1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\PerfInfo (Rogue.WinPerformance) -> Quarantined and deleted successfully.
C:\Program Files\Bat (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Documents and Settings\jen and ken\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\jen and ken\Local Settings\Temp\GLK231.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Bat\un_BatSetup_15041.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP90\A0032395.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP90\A0032402.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP90\A0033402.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP90\A0034401.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP90\A0034423.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP90\A0034431.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP90\A0034442.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP90\A0034443.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP91\A0034449.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP91\A0034462.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP91\A0034468.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP91\A0035468.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP92\A0035472.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP92\A0035473.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP92\A0036468.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP92\A0036474.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP92\A0036488.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP92\A0036495.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP92\A0036502.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP92\A0037504.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP93\A0037530.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP93\A0037543.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP93\A0038544.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP93\A0038557.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP94\A0038568.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP94\A0038580.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP94\A0038589.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP94\A0039588.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP94\A0039597.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP94\A0039605.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP94\A0039678.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039787.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039788.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039806.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039808.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039810.dll (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039811.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039813.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039814.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039815.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039818.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039819.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039820.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039821.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039822.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039823.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039824.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039825.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP95\A0039826.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP97\A0039952.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP97\A0039953.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.dll.intermediate.manifest (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.info (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.original (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\un_BatSetup_15041.txt (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\X_Bat.log (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Documents and Settings\jen and ken\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\jen and ken\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jen and ken\Start Menu\Programs\Startup\Bat - Auto Update.lnk (Adware.Batco) -> Quarantined and deleted successfully.
-
May 12th, 2008, 12:08 PM
#4
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:02 AM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {db41de82-1dd1-11b2-b7fd-fbaf280c36b9} - C:\WINDOWS\narwryxy.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [d3GsynBaw8] C:\Documents and Settings\All Users\Application Data\srepapsh\udcpmjql.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199911785984
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7562 bytes
-
May 12th, 2008, 04:54 PM
#5
Hi and welcome to the VDr forums.
=========
Can you please do the following.
===============
Go to Add/Remove programs and uninstall the following, if present:
Viewpoint Manager
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.
===============
Download LSPFix and unzip to your desktop, then run it. Now, we need to:
1. check (tick) "I know what I'm doing".
2. click on (highlight) each occurrence of the following, one at a time:
webhdll.dll
3. then click ">>", moving each one, individually, to the 'Remove' pane.
4. (double-check, and make sure that only the above files are in the 'Remove' pane.)
5. click "Finish >>"
===============
Scan with HijackThis and then place a check next to all the following, if present:
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {db41de82-1dd1-11b2-b7fd-fbaf280c36b9} - C:\WINDOWS\narwryxy.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [d3GsynBaw8] C:\Documents and Settings\All Users\Application Data\srepapsh\udcpmjql.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:
folders...
C:\Program Files\Viewpoint
C:\Program Files\RcvSystem
c:\program files\webhancer
files...
C:\Documents and Settings\All Users\Application Data\srepapsh\udcpmjql.exe
- Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  - Restart your computer.
  - After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  - Instead of Windows loading as normal, a menu should appear. Select the first option to run Windows in Safe Mode, then hit Enter.
- Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
-
May 13th, 2008, 10:47 AM
#6
The internet connection is back. Also seems to be booting up faster.
Here is the latest HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:59 AM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199911785984
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 6756 bytes
-
May 13th, 2008, 04:39 PM
#7
Still have one there.
Scan with HijackThis and then place a check next to all the following, if present:
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:
folders...
C:\Program Files\RcvSystem
- Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  - Restart your computer.
  - After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  - Instead of Windows loading as normal, a menu should appear. Select the first option to run Windows in Safe Mode, then hit Enter.
- Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log.
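Added example, not part of the original posts: a Python check that compares a pre-fix and post-fix HijackThis log against the list of entries that were marked for "Fix checked", and reports which targeted entries persist. The log excerpts are a subset of lines posted in this thread; the function names and report keys are illustrative assumptions.

```python
import re

# A HijackThis entry line starts with a section code such as R3, O2 or O23.
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)

def normalise(line):
    """Key for comparing entries: ignore case, spacing and the '(file missing)' tag."""
    line = MISSING_RE.sub("", line.strip())
    return re.sub(r"\s+", " ", line).lower()

def parse_entries(log_text):
    """Map normalised key -> original line for every entry line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[normalise(line)] = line
    return entries

def verify_fix(before_log, after_log, fix_list):
    """Classify fix-list entries as removed or persisting, and list other changes."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targeted = {normalise(item): item.strip() for item in fix_list}
    report = {"removed": [], "persisting": [], "not_in_before": [],
              "other_removed": [], "new": []}
    for key, item in targeted.items():
        if key in after:
            report["persisting"].append(after[key])    # fix did not stick
        elif key in before:
            report["removed"].append(before[key])
        else:
            report["not_in_before"].append(item)       # was never in the first log
    report["other_removed"] = [line for key, line in before.items()
                               if key not in after and key not in targeted]
    report["new"] = [line for key, line in after.items() if key not in before]
    return report

# Excerpt of the 5/12/2008 log from this thread (subset of its lines).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {db41de82-1dd1-11b2-b7fd-fbaf280c36b9} - C:\WINDOWS\narwryxy.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [d3GsynBaw8] C:\Documents and Settings\All Users\Application Data\srepapsh\udcpmjql.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Excerpt of the 5/13/2008 log from this thread (subset of its lines).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
"""

# The entries listed for "Fix checked" in post #5: every non-header BEFORE
# line except the Acrobat BHO, the O10 LSP line and the linkscanner protocol.
KEEP = ("AcroIEHlprObj", "O10 - ", "O18 - Protocol")
FIX_LIST = [l for l in BEFORE.splitlines()
            if ENTRY_RE.match(l) and not any(k in l for k in KEEP)]

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{status}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

The O10 line shows up under `other_removed` because it was handled by the LSPFix step rather than by "Fix checked".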
-
May 14th, 2008, 04:16 PM
#8
I booted up in safe mode, did what you said.
Did not find the file in programs folder. Ran a search and found a copy in the recycle bin which I deleted.
Ran hijackthis again and found the same line you said to delete so I deleted again. Checked again for the folder and found none. (Yes, I have hidden files showing.) Rebooted the computer. Ran another HJT and got the same log, which follows. Any other suggestions?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:01 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199911785984
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 6755 bytes
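The fix-and-rescan check described in post #8, as an added example that is not part of the original thread: a small Python parser for HijackThis-style logs that reports which fixed entries are present again in the rescan and which boot mode each scan ran in. The sample logs, CLSIDs and paths are constructed, and the function names are hypothetical.

```python
import re

# Entry lines look like "<section code> - <detail>", e.g. "O18 - Filter hijack: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
HEADER_RE = re.compile(r"^(Platform|Boot mode): (.+)$")

def parse_log(text):
    """Return (header dict, set of (section, detail)) for one log."""
    header, entries = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths and CLSIDs are case-insensitive, so fold case.
            entries.add((m.group(1), m.group(2).casefold()))
    return header, entries

def reappeared(fixed_lines, rescan_text):
    """Entries that were checked and fixed but are listed again in the rescan."""
    _, fixed = parse_log("\n".join(fixed_lines))
    _, after = parse_log(rescan_text)
    return sorted(fixed & after)

def summarize(before_text, rescan_text, fixed_lines):
    h_before, before = parse_log(before_text)
    h_after, after = parse_log(rescan_text)
    return {
        "boot_modes": (h_before.get("Boot mode"), h_after.get("Boot mode")),
        "removed": sorted(before - after),
        "reappeared": reappeared(fixed_lines, rescan_text),
    }

# Constructed sample logs (not taken from the thread).
BEFORE = r"""Boot mode: Safe mode
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\example.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O18 - Filter hijack: text/html - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\filter.dll
"""
RESCAN = r"""Boot mode: Normal
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O18 - Filter hijack: text/html - {00000000-0000-0000-0000-000000000002} - C:\PROGRAM FILES\EXAMPLE\FILTER.DLL
"""
# The two lines assumed to have been ticked and fixed in the first scan.
FIXED = [BEFORE.splitlines()[1], BEFORE.splitlines()[3]]

if __name__ == "__main__":
    print(summarize(BEFORE, RESCAN, FIXED))
```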
-
May 14th, 2008, 04:51 PM
#9
Follow the steps given here: http://www.trendmicro.com/vinfo/viru...T.TQZ&VSect=Sn and let me know how you get on. Make certain you have NO IE windows open before deleting.