Popups and nothings working!

[renegade11]

Hello all,

Its my 1st time posting, but 've used your site numerous times to answer questions I had and it was always an excellent source of info, but this time I am at my wits end...I have some kind of virus that causes numerous full page popup adds whenevr I open explorer...I will be on a site, it will freeze momentarily, then another window will open with an add...some of the adds I get are: clk2.lookquick, try.weatherstudio, go2everestcollege, londasearch, individsearch and even get things that say stuff like 64.258.456 or some number like that and it says this page is having problems or something to that effect...now I have Norton 360 which never finds anything, Spyhunter 2.9 which finds, removes then finds the same things over an over, and search and destroy, which scans to a certain point and finds stull like Yazzle (which is no where on my comp) and then causes a blue screen to pop up very blurry telling me windows had to shut down...I have also received offline pop ups from my comp telling me that windows recovered from a critical error or fatal error and I have to physically shut the comp off..I don't know what I have but I am at my wits end..here is my hijack this file log:

Logfile of HijackThis v1.99.1

Scan saved at 11:48:12 AM, on 10/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop' rel="external nofollow">http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [searchIndexer] rundll32.exe "C:\WINDOWS\system32\alhefjok.dll",sitypnow

O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I am currently doing a Panda Scan and i noticed something..it stopped for quite a while on a folder named " C:\ntldr"...when I looked in my c drive folders I did not see this folder..could this folder be hidden from view by spyware?..also, I just noticed that my internet optins privacy setting, which I set to medium high,had been dropped down to accept all cooks...my security setting stayed at medium high...I did not change the privacy setting, it changedn its own!

I should also add my comp now sometimes refuses to allow me to uninstall a program..I gett those annoying plunk sounds and nothing happens

Any help will be greatly appreciated

Thanks Guys and Gals!

Andy

[renegade11]

here is my activescan log:

Incident Status Location

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew musto@target[1].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@ad.yieldmanager[1].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@ads.addynamix[1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@advertising[1].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@advertising[3].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@atdmt[2].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@azjmp[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@com[1].txt

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@counter.hitslink[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@doubleclick[1].txt

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@ehg-dig.hitbox[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@fastclick[1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@go[1].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@overture[1].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@statcounter[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@tribalfusion[2].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@www5.addfreestats[2].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Andrew Musto\Cookies\andrew_musto@zedo[2].txt

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Andrew Musto\Local Settings\Temp\rwcameby.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Andrew Musto\Local Settings\Temp\tacpwmfo.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Andrew Musto\Local Settings\Temp\uoariums.exe

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@adultfriendfinder[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@advertising[1].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@burstnet[2].txt

Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@clickbank[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@com[1].txt

Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@date[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@doubleclick[1].txt

Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@enhance[2].txt

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@fastclick[1].txt

Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@findwhat[1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@go[1].txt

Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@i.screensavers[1].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@mediaplex[1].txt

Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@mp3search[1].txt

Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@mysearch[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@overture[2].txt

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@perf.overture[1].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@statcounter[2].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@target[2].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@toplist[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@tribalfusion[2].txt

Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@www.affiliatefuel[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@www1.addfreestats[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@www3.addfreestats[1].txt

Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jennifer Vincenti\Cookies\jennifer_vincenti@www5.addfreestats[1].txt

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Jennifer Vincenti\Local Settings\Temp\cibremtb.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Jennifer Vincenti\Local Settings\Temp\cipkysxa.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Jennifer Vincenti\Local Settings\Temp\jdnvdupb.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Jennifer Vincenti\Local Settings\Temp\olwdgboq.exe

Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Jennifer Vincenti\Local Settings\Temp\opacqcsu.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Jennifer Vincenti\Local Settings\Temp\uuvibtke.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Jennifer Vincenti\Local Settings\Temp\wepqcjub.exe

Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Jennifer Vincenti\Local Settings\Temp\wshabmeq.exe

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Other User\Cookies\other user@2o7[1].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Other User\Cookies\other_user@ad.yieldmanager[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Other User\Cookies\other_user@advertising[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Other User\Cookies\other_user@atdmt[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Other User\Cookies\other_user@doubleclick[1].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Other User\Cookies\other_user@questionmarket[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Other User\Cookies\other_user@zedo[1].txt

Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

Virus:Generic Malware Disinfected C:\Program Files\DIGStream\digstream.exe

Spyware:Cookie/Apmebf Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew musto@apmebf[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew musto@apmebf[1].txt]

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew musto@atdmt[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew musto@atdmt[2].txt]

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew musto@bs.serving-sys[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew musto@bs.serving-sys[1].txt]

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew musto@doubleclick[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew musto@doubleclick[1].txt]

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew musto@mediaplex[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew musto@mediaplex[1].txt]

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew musto@serving-sys[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew musto@serving-sys[1].txt]

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@2o7[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@2o7[2].txt]

Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@ad.yieldmanager[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@ad.yieldmanager[2].txt]

Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@adrevolver[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@adrevolver[2].txt]

Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@ads.pointroll[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@ads.pointroll[2].txt]

Spyware:Cookie/Adserver Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@adserver.easyad[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@adserver.easyad[2].txt]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@adultfriendfinder[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@adultfriendfinder[2].txt]

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@advertising[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@advertising[1].txt]

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@advertising[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@advertising[2].txt]

Spyware:Cookie/Atwola Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@atwola[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@atwola[2].txt]

Spyware:Cookie/Azjmp Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@azjmp[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@azjmp[1].txt]

Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@belnk[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@belnk[1].txt]

Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@casalemedia[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@casalemedia[2].txt]

Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@dist.belnk[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@dist.belnk[2].txt]

Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@ehg-dig.hitbox[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@ehg-dig.hitbox[1].txt]

Spyware:Cookie/FastClick Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@fastclick[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@fastclick[2].txt]

Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@linksynergy[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@linksynergy[1].txt]

Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@media.adrevolver[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@media.adrevolver[1].txt]

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@questionmarket[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@questionmarket[2].txt]

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@realmedia[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@realmedia[2].txt]

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@statcounter[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@statcounter[1].txt]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@statse.webtrendslive[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@statse.webtrendslive[1].txt]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@trafficmp[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@trafficmp[2].txt]

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@tribalfusion[2].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@tribalfusion[2].txt]

Spyware:Cookie/BurstBeacon Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@www.burstbeacon[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@www.burstbeacon[1].txt]

Spyware:Cookie/Zedo Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\andrew_musto@zedo[1].txt.dat[Documents and Settings/Andrew Musto/Cookies/andrew_musto@zedo[1].txt]

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer vincenti@atdmt[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer vincenti@atdmt[2].txt]

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@112.2o7[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@112.2o7[2].txt]

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@247realmedia[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@247realmedia[1].txt]

Spyware:Cookie/2o7 Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@2o7[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@2o7[1].txt]

Spyware:Cookie/Hbmediapro Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@adopt.hbmediapro[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@adopt.hbmediapro[2].txt]

Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@adrevolver[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@adrevolver[1].txt]

Spyware:Cookie/PointRoll Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@ads.pointroll[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@ads.pointroll[2].txt]

Spyware:Cookie/Adserver Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@adserver.filefront[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@adserver.filefront[1].txt]

Spyware:Cookie/Adtech Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@adtech[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@adtech[2].txt]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@adultfriendfinder[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@adultfriendfinder[1].txt]

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@advertising[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@advertising[1].txt]

Spyware:Cookie/Advertising Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@advertising[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@advertising[2].txt]

Spyware:Cookie/Adviva Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@adviva[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@adviva[2].txt]

Spyware:Cookie/Apmebf Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@apmebf[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@apmebf[1].txt]

Spyware:Cookie/Falkag Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@as-eu.falkag[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@as-eu.falkag[1].txt]

Spyware:Cookie/Falkag Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@as-us.falkag[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@as-us.falkag[1].txt]

Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@atdmt[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@atdmt[2].txt]

Spyware:Cookie/Atwola Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@atwola[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@atwola[2].txt]

Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@belnk[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@belnk[1].txt]

Spyware:Cookie/Bfast Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@bfast[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@bfast[2].txt]

Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@bluestreak[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@bluestreak[2].txt]

Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@bravenet[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@bravenet[1].txt]

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@bs.serving-sys[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@bs.serving-sys[2].txt]

Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@burstnet[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@burstnet[1].txt]

Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@casalemedia[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@casalemedia[2].txt]

Spyware:Cookie/Bridgetrack Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@citi.bridgetrack[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@citi.bridgetrack[1].txt]

Spyware:Cookie/did-it Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@did-it[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@did-it[1].txt]

Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@dist.belnk[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@dist.belnk[2].txt]

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@doubleclick[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@doubleclick[1].txt]

Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@doubleclick[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@doubleclick[2].txt]

Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@ehg-dig.hitbox[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@ehg-dig.hitbox[1].txt]

Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@ehg-dig.hitbox[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@ehg-dig.hitbox[2].txt]

Spyware:Cookie/FastClick Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@fastclick[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@fastclick[2].txt]

Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@fortunecity[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@fortunecity[1].txt]

Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@landing.domainsponsor[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@landing.domainsponsor[2].txt]

Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@linksynergy[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@linksynergy[2].txt]

Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@maxserving[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@maxserving[1].txt]

Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@mediaplex[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@mediaplex[2].txt]

Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@phg.hitbox[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@phg.hitbox[1].txt]

Spyware:Cookie/QkSrv Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@qksrv[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@qksrv[2].txt]

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@questionmarket[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@questionmarket[1].txt]

Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@questionmarket[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@questionmarket[2].txt]

Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@realmedia[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@realmedia[1].txt]

Spyware:Cookie/WUpd Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@revenue[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@revenue[2].txt]

Spyware:Cookie/Searchportal Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@searchportal.information[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@searchportal.information[1].txt]

Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@serving-sys[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@serving-sys[2].txt]

Spyware:Cookie/onestat.com Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@stat.onestat[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@stat.onestat[1].txt]

Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@statcounter[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@statcounter[1].txt]

Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@tradedoubler[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@tradedoubler[2].txt]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@trafficmp[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@trafficmp[1].txt]

Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@tribalfusion[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@tribalfusion[2].txt]

Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@valueclick[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@valueclick[2].txt]

Spyware:Cookie/Weborama Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@weborama[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@weborama[1].txt]

Spyware:Cookie/BurstBeacon Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@www.burstbeacon[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@www.burstbeacon[2].txt]

Spyware:Cookie/myaffiliateprogram Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@www.myaffiliateprogram[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@www.myaffiliateprogram[1].txt]

Spyware:Cookie/Xiti Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@xiti[1].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@xiti[1].txt]

Spyware:Cookie/Yadro Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@yadro[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@yadro[2].txt]

Spyware:Cookie/Zedo Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\jennifer_vincenti@zedo[2].txt.dat[Documents and Settings/Jennifer Vincenti/Cookies/jennifer_vincenti@zedo[2].txt]

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Morpheus\morpheustoolbar.exe

Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL

Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx

Adware:Adware/VirusAlarma Not disinfected C:\WINDOWS\system32\drvviz.dll

I now have 2 shortcuts that have apeared on my desktop: Online Security Guide and Live Safety Center...I have a security alert in my toolbar that keeps opening a balloon and I get popups offline from sites like this: securityonpage , protectroom and savetheinformation..my comp is almost unusable

I just ran AVG and it found a few cookies but nothing else..I ran RogueRemover and it said I had no problem files yet I am still getting the above popups as well as now I have a Security Toolbar 7.1 on my browser which I can't disable and the Flashing yellow triangle with the exclamation point is still in my taskbar and keeps telling me to click here to remove detected spyware followed by the popup to Security Center or Safety Center..Savetheinformation site seems to want me to get spyware removal from something cald hepto.com

[Tigger93]

Hello and welcome to Malwarebytes.

Can you please go Start > Control Panel > Add/Remove Programs and uninstall Morpheus.

Then locate and delete these files:

C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

C:\WINDOWS\system32\actskn45.ocx

C:\WINDOWS\system32\drvviz.dll

And locate and delete this folder:

C:\Program Files\Morpheus\

=====

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.
  

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

=====

Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
  
• Click the Scan for Vundo button.
  
• Once it's done scanning, click the Remove Vundo button.
  
• You will receive a prompt asking if you want to remove the files, click YES
  
• Once you click yes, your desktop will go blank as it starts removing Vundo.
  
• When completed, it will prompt that it will reboot your computer, click OK.
  
• Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
  

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

[renegade11]

Thanks so much.. I did all you said..here are the logs...I still have that toolbar and the 2 shortcuts on my desktop that are obviously adware ..Live Safety Center and Online Security Guide...their properties say http://htepo.com/cehpmoin then symbols and letters..should I manually dlete these? I tried before but they came back....the toolbar says Security Toolbar 7.1 then has 2 green buttons "Block adware / popups and "Remove spyware..I also had a seperate page open up that told me I was being redirected to anothe page, which I selected no and closed it..here is the page that opened dircontinentads/?u=1-RxE3Fd2FJCXjfFgn9YB i didn't include the .com part so it would not be an active link there is a period between dir and continentads

Logfile of HijackThis v1.99.1

Scan saved at 3:46:42 PM, on 10/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop' rel="external nofollow">http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Vundo log:

C:\WINDOWS\system32\abtgwsss.dll

C:\WINDOWS\system32\amboytvj.ini

C:\WINDOWS\system32\jvtyobma.dll

C:\WINDOWS\system32\wivcpukv.dll

Thanks, Andy

[Tigger93]

I need the full Vundo log please.

[renegade11]

I need the full Vundo log please.

Sorry!

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

Scan started at 3:38:29 PM 10/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\abtgwsss.dll

C:\WINDOWS\system32\amboytvj.ini

C:\WINDOWS\system32\jvtyobma.dll

C:\WINDOWS\system32\wivcpukv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\abtgwsss.dll

C:\WINDOWS\system32\abtgwsss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\amboytvj.ini

C:\WINDOWS\system32\amboytvj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jvtyobma.dll

C:\WINDOWS\system32\jvtyobma.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wivcpukv.dll

C:\WINDOWS\system32\wivcpukv.dll Has been deleted!

Performing Repairs to the registry.

Done!

Also, I noticed every add on most webpages is a flashing "your comp is infeted" typ add...all the same and sometimes 3 or 4 on the same page no matter what page I am looking at

[Tigger93]

Thanks.

Please download SmitfraudFix (by S!Ri) to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, a menu with options should appear;
  
• Select the first option, to run Windows in Safe Mode, then press "Enter".
  
• Choose your usual account.
  

Once in Safe Mode, double-click on SmitfraudFix.exe

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

[renegade11]

I am still getting the balloons from my taskbar saying critical system warning or system Alert: Maleware Threats and asking me to click this balloon to d/l the latest malware remover..also, my ie opens right up to htepo.com even though my homepage is still unchanged in my Internet options...Security toolbar 7.1 is still on my IE toolbar

[renegade11]

SmitFraudFix v2.240

Scan done at 18:19:37.98, Sun 10/14/2007

Run from C:\Documents and Settings\Jennifer Vincenti\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

[Tigger93]

Hm, new HijackThis log please as well as this:

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

[JeanInMontana]

Tigger thanks for your help as always. Due to lack of response I will close this to prevent others from posting into it.

The advice in this topic was for this system only. You should not apply to your system without advice. Please post a new topic and we will be happy to help.