crippling pop up malware
trisphere
When I start my computer now, I have to start it in safe mode and choose "administrator", otherwise my desktop will appear with no icons or task bar. Also various popups frequently appear (most of them advertising spyware removal programs), and sometimes programs start themselves up. Limewire started up like crazy until I uninstalled it. Ad-Aware finds problems including "Zeno Search", "Command Service", and "Network Monitor" and tries to fix them, but there are always a few files it can't access; they seem to be different files every time. Here is a transcript of the log file of one of my many scans, please help. Thanks in advance.





Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, June 20, 2006 4:35:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ABetterInternet.Nail(TAC index:5):1 total references
Adware.Look2Me(TAC index:7):11 total references
CmdServices(TAC index:4):3 total references
iSearch Toolbar(TAC index:4):1 total references
MRU List(TAC index:0):10 total references
Tracking Cookie(TAC index:3):13 total references
win32.Trojan.Dnschanger(TAC index:10):1 total references
Win32.Trojan.Downloader(TAC index:10):2 total references
Win32.Trojan.Starter(TAC index:10):2 total references
Win32.TrojanClicker(TAC index:10):3 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-20-2006 4:35:45 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1336601894-839522115-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1336601894-839522115-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1336601894-839522115-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1336601894-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1336601894-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1336601894-839522115-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1336601894-839522115-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1336601894-839522115-500\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 380
ThreadCreationTime : 6-20-2006 8:12:53 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 6-20-2006 8:12:58 PM
BasePriority : High


Adware.Look2Me Object Recognized!
Type : Process
Data : fplq0335e.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\fplq0335e.dll)


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 6-20-2006 8:13:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 6-20-2006 8:13:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 6-20-2006 8:13:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 844
ThreadCreationTime : 6-20-2006 8:13:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 6-20-2006 8:13:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : mdpatcha.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\mdpatcha.dll)


#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1264
ThreadCreationTime : 6-20-2006 8:13:15 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:9 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 412
ThreadCreationTime : 6-20-2006 8:35:20 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ABetterInternet.Nail Object Recognized!
Type : RegData
Data : explorer.exe, c:\windows\system32\bboek.exe
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, c:\windows\system32\bboek.exe

Windows Object Recognized!
Type : RegData
Data : explorer.exe, c:\windows\system32\bboek.exe
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, c:\windows\system32\bboek.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 14


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Look2Me Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Adware
Comment : C:\WINDOWS\system32\kzdcz1.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{311AF1C7-0EB3-4215-BFCA-B77384CA3A66}

Adware.Look2Me Object Recognized!
Type : File
Data : kzdcz1.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\windows\system32\



Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 16


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@atdmt.com/
Expires : 6-18-2011 8:00:12 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:24
Value : Cookie:administrator@2o7.net/
Expires : 6-19-2011 4:31:58 PM
LastSync : Hits:24
UseCount : 0
Hits : 24

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@doubleclick.net/
Expires : 6-19-2009 4:14:56 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@statcounter.com/
Expires : 6-19-2011 4:32:28 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@mediaplex.com/
Expires : 6-21-2009 8:00:12 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@ads.pointroll.com/
Expires : 12-31-2009 8:00:12 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 22



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statcounter[1].txt

Adware.Look2Me Object Recognized!
Type : File
Data : AppWrap[1].exe
TAC Rating : 7
Category : Adware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CXGVCQDM\



VX2 Object Recognized!
Type : File
Data : A0048998.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



win32.Trojan.Dnschanger Object Recognized!
Type : File
Data : A0048999.exe
TAC Rating : 10
Category : Monitoring Tool
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



CmdServices Object Recognized!
Type : File
Data : A0049000.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0049001.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



VX2 Object Recognized!
Type : File
Data : A0049002.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



CmdServices Object Recognized!
Type : File
Data : A0049003.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



Win32.TrojanClicker Object Recognized!
Type : File
Data : A0049004.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



VX2 Object Recognized!
Type : File
Data : A0049005.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



Win32.Trojan.Starter Object Recognized!
Type : File
Data : A0049006.exe
TAC Rating : 10
Category : Virus
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



Win32.Trojan.Starter Object Recognized!
Type : File
Data : A0049007.exe
TAC Rating : 10
Category : Virus
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



iSearch Toolbar Object Recognized!
Type : File
Data : A0049008.dll
TAC Rating : 4
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


CmdServices Object Recognized!
Type : File
Data : A0049009.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



VX2 Object Recognized!
Type : File
Data : A0049010.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



Adware.Look2Me Object Recognized!
Type : File
Data : A0062032.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\



Adware.Look2Me Object Recognized!
Type : File
Data : icont.exe
TAC Rating : 7
Category : Adware
Comment :
Object : C:\WINDOWS\



Adware.Look2Me Object Recognized!
Type : File
Data : clutil.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\WINDOWS\system32\



Adware.Look2Me Object Recognized!
Type : File
Data : irlol5331.dll
TAC Rating : 7
Category : Adware
Comment :
Object : C:\WINDOWS\system32\



Adware.Look2Me Object Recognized!
Type : File
Data : bw2.com
TAC Rating : 7
Category : Adware
Comment :
Object : C:\WINDOWS\Temp\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\administrator@as-us.falkag[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 48


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
900 entries scanned.
New critical objects:0
Objects found so far: 48




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Look2Me Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon\notify

VX2 Object Recognized!
Type : RegData
Data : explorer.exe, c:\windows\system32\bboek.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, c:\windows\system32\bboek.exe

Win32.Trojan.Downloader Object Recognized!
Type : File
Data : guard.tmp
TAC Rating : 10
Category : Malware
Comment :
Object : c:\windows\system32\



Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Win32.TrojanClicker Object Recognized!
Type : RegData
Data : userinit.exe,mvuiubj.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Userinit
Data : userinit.exe,mvuiubj.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 53

5:08:23 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:32:38.63
Objects scanned:201287
Objects identified:41
Objects ignored:0
New critical objects:41
LS CalamityJane
This looks like a bundled infection (may include more than just spyware/adware). Can you post a HijackThis log for review so I can see how bad it is? This is a free diagnostic tool.

Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216
trisphere
Logfile of HijackThis v1.99.1
Scan saved at 11:27:16 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bboek.exe
F2 - REG:system.ini: UserInit=userinit.exe,mvuiubj.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\dfndr.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd.exe
O4 - HKLM\..\Run: [{C8-8C-CB-B6-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [newname] c:\\nwnm.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: msconfig.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095826219607
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125511794843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\l6j8lg1u16.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LS CalamityJane
Hi trisphere,

You do have something brand new and a couple of files I need to examine to determine what exactly it is.

Go here to upload the files as attachments
http://www.thespykiller.co.uk/forum/index.php?board=1.0
Just press new topic (make the subject: For CalamityJane from trisphere at LS), fill in a short message and then press the browse button, then navigate to and select these files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select, etc. When all the files are listed in the windows, press Post to upload the files.

Files to upload:

C:\\dfndr.exe

C:\\kybrd.exe

c:\\nwnm.exe

(Do not post HJT logs there as they will not get dealt with)

You DO NOT need to be a member to upload, anybody can upload the files

You will not see the files that have been uploaded as they only show to the authorized users who can download them

I will be able to collect them from there once uploaded and will reply back here with the results.
trisphere
OK, I uploaded the files there. I couldn't find the files with "browse" I just cut and pasted the path from your post, hope it worked ok.
LS CalamityJane
Didn't work - the files were 0 bytes. It could be your antivirus or firewall blocking the upload. Let's try this tool to see what it finds.

Please download FileFind from Atribune:
http://www.atribune.org/downloads/FileFind.zip

Unzip the file and save it to your desktop.

To run FileFind, please do the following:

* Click on FileFind.exe
* In the box labeled "Enter the directory to search"
  o Enter the drive, e.g. C:\
* In the box labeled "Enter the file to search"
  o Enter the file name: dfndr.exe
* Now click on the "Find" button
* Once the utility has found the files, click on "Export"
* This will save a text file to your C:\ drive as "Export.txt"
* Double click on Export.txt, copy and paste this information in your next post

Do the same for these two, also located in the directory: C:\

kybrd.exe

nwnm.exe
trisphere
OK,

I downloaded FileFind at the link you posted. I leave the "Directory" field as C:\ and put the "File" field as dfndr.exe, then I click "search". After that my cursor turns to an hourglass forever, and if I do a control alt delete it shows FileFind as "not responding". Same results for the other two files and same results for any other file names I tried.
LS CalamityJane
Ok, thanks for trying anyway. I think those files have already been removed.

1. Please download the free trial program Ewido per the following instructions. This is a good trojan scanner and will help to block any further trojan downloads of malware onto your system while we're trying to clean it all up. Should any nasties try to enter your system, it should pop up a warning and you can block anything new coming in. But first let's install it, update it, and we'll scan later in SAFE MODE.

Download, install, and update Ewido AntiMalware (get the free trial version)
http://www.ewido.net/en/download/

a. Install Ewido AntiMalware

b. Launch Ewido; there should be an orange Ewido icon on your desktop, double-click it.

c. The program will prompt you to update; click the OK button

d. The program will now go to the main screen

e. Click on Update at the top of the screen

f. Click on *Start Update*. The update will start and a progress bar will show the updates being installed.

g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

*Note: Ewido is a free trial product for 30 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button.

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

5. Once in safe mode, start Ewido AntiMalware

a. Click on scanner

b. Click on *complete system scan*

c. Let the program scan the machine.

d. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time.
Checkmark the box: *Create encrypted backup in the quarantine* (recommended)

Click OK.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Click "save"
    In "filename" enter log.txt
  • Click exit to exit the BFU program.
Please copy the contents of the log.txt back here in your next reply. The log.txt will be in the C:\BFU\ folder

Reboot back into normal mode

7. Now please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

Logs needed in your next post are:

log.txt will be in the C:\BFU\ folder

Ewido Scan log

Fresh HijackThis log
trisphere
I did my best to follow your instructions exactly. I downloaded Ewido Anti-Spyware through the link you provided. It was a little difficult to navigate the menus because my safe mode seems to force me into 640X480 pixel mode, so the edges of Ewido's menu were cut off at the edges of the screen. While the scan was in progress I was NOT prompted to clean the first infected file it found. It scanned the whole drive and showed a long list of offending files with either "Delete" or "Quarantine" next to them. I clicked on "apply all actions" and was met with the following dialog:

The file C:\program files\limewire\shared\_\0day mp3s, full quality albums.rar/setup.exe cannot be quarantined because it is embedded in the archive c:\program files\limewire\shared\_\0day mp3s, full quality albums.rar. Do you want to quarantine the whole archive?

I chose yes and after a moment the program seemed frozen. I did a control alt delete and it was listed as "not responding", so I ended the program. When I restart it there does appear to be a number of things listed in the "infections" tab that have been quarantined. So then I clicked on "Save Report".

I ran Brute Force Uninstaller as per your instructions. I didn't get an option to save the log at first, apparently because I needed to check a "Show log after script ends" box before running the program. So I checked the box and ran it again, this time I got the log and was able to save it. Hopefully that is ok.

Finally I restarted in normal mode (still VERY sluggish) and produced a hijack log.

Here are the three logs....
trisphere
BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 1:31:17 PM, on 6/21/2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2FA0.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.
trisphere
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:16:32 PM 6/21/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Adware.BroadCastPC : No action taken.
C:\Documents and Settings\Nadeau\Application Data\Fоnts\svchost.exe -> Adware.ClickSpring : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\!update.exe -> Adware.ClickSpring : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr3D18 -> Adware.Look2Me : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr74E2 -> Adware.Look2Me : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\temp.fr2C3D -> Adware.Look2Me : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\temp.frAE9E -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\Awdiodev.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\LCGIF80N.DLL -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\ajl71.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\chmpobj.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\d8j02i1mg8.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dkdskmgr.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dnr8019ue.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dqnhpast.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dqsenh.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dvkquoui.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\ggtuname.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\gp0ql3d51.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\gpl0l33m1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\h20qlcd51f0.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\i4600ejmehoa0.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\i4lo0e33eh.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\irl2l53o1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\j8p0li7m18.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\jlpl400.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\jt2m07f1e.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\kqdhu1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\kt60l7jm1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\kt6sl7j71.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\ktr0l79m1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\kxdsl1.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\lv4009hme.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mcprivs.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mhxml2r.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mqglibnt.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mvacm.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\n8n60i5se8.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\o2ro0c93ef.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\p2r40c9qef.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\pnfmgr.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\sarmdll.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\scnsapi.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\sgcbase.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\sjkit432.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\sqkit432.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\t68u0gl9e6q.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wbdmtpdr.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wcn87em.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wnploc.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wpps.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wqploc.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\wzaueng1.dll -> Adware.Look2Me : No action taken.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
C:\Program Files\ѕуstem32\wοwexec.exe -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
[732] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\is-STD0C.tmp\whenU\SAVE-SYNCmInst.exe/Save.exe -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\is-STD0C.tmp\whenU\SAVE-SYNCmInst.exe/SaveUninst.exe -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\is-STD0C.tmp\whenU\SAVE-SYNCmInst.exe/Sync.exe -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\is-STD0C.tmp\whenU\SAVE-SYNCmInst.exe/Uninst.exe -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\whenu.exe/VVSN.exe -> Adware.SaveNow : No action taken.
C:\WINDOWS\system32\tfthot.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32tfthot.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\gbe90qs.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\i120.tmp -> Adware.SurfSide : No action taken.
C:\WINDOWS\system32\kwinnqez.exe -> Adware.ZenoSearch : No action taken.
C:\WINDOWS\system32\pmdsrego.exe -> Adware.ZenoSearch : No action taken.
C:\WINDOWS\system32\pmdsregq.exe -> Adware.ZenoSearch : No action taken.
C:\WINDOWS\system32\pwinnqez.exe -> Adware.ZenoSearch : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3XFEYYMG\AppWrap[1].exe -> Adware.Zestyfind : No action taken.
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : No action taken.
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\Rar$EX03.312\Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\0day mp3s, full quality albums.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\0day mp3s, quality albums.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\18 Wheels of Steel Convoy Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\1st Disk Drive Protector 1.4.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\7 Wonders of the Ancient World v1.0 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ABC Amber BlackBerry Converter 1.07.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ABC Amber HTML2Excel Converter 2.02.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ABC Amber TreePad Converter 3.06.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ABC Amber Word2Excel Converter 3.02.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ABC Amber WordPerfect Converter 3.03.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ABC Amber XML Converter 5.02.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ACDSee v8.0.39.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ALO CD & DVD Burner 2.1.22.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\AML Fast Audio Converter 1.1.5.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ASuite 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\AV Voice Changer Software Diamond v4.0.50.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\AVG Free AntiVirus Definitions 2006-06-19.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\AVG v7.0.280.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ActiveXZip 2.3.0.3.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Adobe Photoshop CS2 Tryout to Full Activation.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Adobe Photoshop CS2 v9.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Advanced Office Password Recovery v3.03 PRO.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Advanced X Video Converter 4.3.5.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\AdvancedRemoteInfo 0.6.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Ahead Nero v7.2.0.3b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Aim Fix 06 19 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Aimini P2P software 1.8.2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Alcohol 120 v1.9.5 Build 3823.-.RETAIL CRK-FFF.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Alcohol 120 v1.9.5 Build 3823.-.RETAIL.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Alcohol 120 v1.9.5.3823 FULLY.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Alcohol 120 v1.9.5.3823.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\AntiDuplicate 1.41.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Ape Ripper 2.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Ape2CD 1.8.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Aspose.BarCode 1.5.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Aspose.Chart 3.2.4.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\AssessTree 1.41.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Aurora Media Workshop 3.3.7.13.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\AxCrypt 1.6.3.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Azureus 2.4.0.3 B42.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\BGEYE 2.65.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\BT Engine v4.7 Build 1126-TE.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Battlefield 2 NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Battlefield Vietnam NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\BearShare Pro v5.2.4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Bible Sander 1.3.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Bill Catchem BC InterDial v2.1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\BitDefender Professional Virus Definitions 388527.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\BitDefender Standard Virus Definitions 388527.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\BitWise IM 1.7.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Blackjack International 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\BlindWrite 6.0.0.6b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Brothers In Arms Earned In Blood UNLOCKER-UNBAiSEDGOATS.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Brothers in Arms Road to Hill 30 FiXED CHEATS.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Bulk Rename Utility 2.3.5.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\C and C Generals Zero Hour GERMAN No-CD Fixed Image.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\CATVids 7.10.04.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\CCProxy 6.3.7.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\CD DVD Data Recovery 1.0.767.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\CDMenuPro 5.23.00.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\CQ web 1.0b2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\CUE Splitter 0.6 beta 9.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Cake Mania v1.0-DELiGHT.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Cake Mania v1.0-TNT.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Call of Duty 2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Call of Duty United Offensive Minimizer.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\CallClerk 3.0.5.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Chili FTP v1.1.0.18.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Civilization IV v1.09 [ENGLISH] No-DVD Fixed EXE.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Cleanerzoomer 3.51a.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Cobian Backup 8.0.0.134.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Colin McRae Rally 2005 Crash Fix-IND.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Colin McRae Rally 2005 Crash Fix.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Commandos 3 Destination Berlin ALL ACCESS CHEATDOX.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Commandos Strike Force.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Core FTP LE 1.3c b.1447.5.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Creatures Of Darkness MorphVOX Add-on 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Credit Card Crusher 113.64a.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Cyberlink PowerDVD Deluxe v7.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Cyberlink PowerDVD v7.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\DCPP 3.5.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\DNS Redirector 6.3.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\DVD Audio Ripper 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Database Tour 5.1.1.735.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Database Tour Pro 5.1.1.735.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\DeviceLock 6.0 RC1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Digital PhotoRescue Professional 4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Diner Dash 2 Restaurant Rescue v1.0.0.228-TNT.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Diner Dash v1.0.0.39 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\DirectX Happy Uninstall 3.87.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Doom 3 and Doom 3 Resurrection of Evil v1.3 KeyCheck-TNT.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Doom 3 and Doom 3 Resurrection of Evil v1.3 KeyCheck.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\DrScheme 3.5.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Drive Health 2.4.121.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Dungeons And Dragons Dragonshard.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Easy File Sharing Web Server v3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Easy Mosaic 2005 Home Edition 1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\EcoEuroMillions 1.28.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\EditPad Pro 6.0.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ElcomSoft Advanced Archive Password Recovery ARCHPR v3.01.7-POPUP.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ErrorSafe v1.1.44.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\F E A R NODVD CRACK.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\F-Secure Anti-Virus Definitions 06-19-2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\FXstyle Bulk Email Direct Sender 3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\FXstyle Mailing List Remover 3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Fake Webcam 1.76.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\FastReport 3.22.12.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Fifa 2005 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Fifa 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\File Synchronizer 3.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\File Tree Printer 3.1.6.172.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Flash Optimizer 1.4.6.164.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\GData AntiVirusKit 2006-YYePG.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\GameBoost 1 1.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\GameGain 2 2.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\GameHike 1.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\GameThrust 1.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\GetRight Pro 6.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Getright Pro 6.0 beta 7.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Ghost Recon Advanced Warfighter 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Google Desktop 4.2006.0602.1351.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Google Earth Pro 3.0beta-VOORHEES.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Google Earth Pro 3.0beta.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Grand Theft Auto San Andreas NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\HP Infotech CodeVisionAVR v1.24.6 Pro.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\HTML Password Pro 5.09.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\HTML-Optimizer 9.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\HTML-Optimizer Pro 4.5.6.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\HTMLPad 2006 Pro 7.2.0.68.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Half Life 2 OFFLINE ACTIVATION PATCH-oWNAGE.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Half Life 2 OFFLINE ACTIVATION PATCH.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Handy Password 3.6.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Helium Music Manager 2006.1 b.5144.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Hide IP 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO 3GP Video Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO AVI MPEG Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO AVI to DVD Converter 2.0.10.0612.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD Ripper 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD Ripper Platinum 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD to 3GP Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD to DivX Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD to MP4 Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD to PSP Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD to Pocket PC Ripper 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD to WMV Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO DVD to iPod Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO MOV Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO MP4 Video Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO MPEG Encoder 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO PSP Video Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO RM Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO Video to Audio Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ImTOO iPod Movie Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Internet Download Manager v5.03.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\IntroCreator 2.22.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\K-Lite Codec Pack 6 17 06.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\KF Web Server 3.1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\KFSensor 4.2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\KFWhois 3.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Kaspersky Anti Virus Personal 5.0.388.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Kaspersky Anti-Virus v6.0.0.300-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Kaspersky Anti-Virus v6.0.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Kaspersky Internet Security v6.0.0.300-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Kaspersky Internet Security v6.0.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\LanCalculator 1.0.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Luxor Amun Rising v1.5.5.8 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\MOTO GP Ultimate Racing Technology Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\McAfee VirusScan Definition 4786.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Medved QuoteTracker 3.7.6F.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Memory Loops v1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Mobile Ringtone Converter v2.3.11-TE.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Mst defrag home edition 1.8.30.58.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\MyLaptopGPS 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\NBA LIVE 2006 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\NEED FOR SPEED MOST WANTED CDKEY-2RENTZWH0REZ.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\NEED FOR SPEED MOST WANTED.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\NEED FOR SPEED Most Wanted BLACK EDITION PATCH.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\NEED FOR SPEED Most Wanted [MULTI] No-DVD Fixed Image.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Need For Speed Most Wanted ALL ACCESS CHEAT.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Need for Speed Underground 2 NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Nero 7.0 Nero 7 Ulta Edition.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Nero 7.0.1.2 Premium 7.0.1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Nero Premium Edition v7.2.0.3 KeyMaker.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\NetScream 1.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Network Inventory Master 4.5.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\NewsLeecher v3.0 Final..Incl CRACK-RESURRECTiON.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Nikon Capture v4.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Norton Internet Security 2006 All.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Online Hold'em Inspector 2.28d1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Online Radio Tuner 1.1.14.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Open Video Capture 1.24.172.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Open Video Joiner 3.0.146.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Oront Burning Kit 1.0.7 beta.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PC-cillin Antivirus Pattern File 3.513.00.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PCBoost 3 3.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PCHeal 1.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PCMedik 6.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PCThrust 1.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PPT2DVD v2.5.2.128.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PTFB Pro 3.1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PaperCut Quota v5.2.570.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Passware Access Password Recovery Key v6.5.918.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Passwords and Keys 1.25.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Pax Galaxia 1.13.8.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Phota 3.6.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Photo Slide Show 3.0.1.77.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Planner.NET 4.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PolderbitS Sound Recorder And Editor v4.0.90.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PowerISO v3.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Prince Of Persia 2 Warrior Within NoDISC-MiNT.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Prince Of Persia 2 Warrior Within NoDISC.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\PrivacyKeyboard 7.3.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Pro Evolution Soccer 5.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Project Reader 3.2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\QUAKE 4 DVD CRACK.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\QUAKE 4 NOCDKEY.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Quake 4 KEYCHECK FiXED-SKULL.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\QuickZip 4.60.016.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\RA Mystery Case Files Prime Suspects v1.2e-CFF.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\RamSmash 1.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\ReNamer 4.00 RC.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Read news.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Reaper 0.966.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Registry Mechanic 5.2.0.310.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Sd4hide SafeDisc 4 Hider 1.0-SKULL.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Second Sight Unlocker Complete.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Security Task Manager 1.6c.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Security Task Manager v1.6f.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Sims 2 Open For Business.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Skyshape MP3 Resizer v1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\SlySoft CloneDVD v2.7.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Slysoft AnyDVD v6.0.0.4-CRD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Smart Email Verifier 3.40.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Snappy Invoice System 4.3.6.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Song List Generator 3.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Splinter Cell Pandora Tomorrow NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Spyware Doctor v3.1.0.312.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.

The log was too long, continued in next post...
trisphere
...log continued from last post...

C:\Program Files\LimeWire\Shared\_\Spyware Doctor v3.8.0.2527.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Spyware Doctor v3.8.0.2575-CRD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Spyware.Doctor.3.5.1.498 3.5.1.498.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Star Wars Battlefront 2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Steganography 1.7.1.0617.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\StretchWare 1.1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Super Utilities 6.35.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Super Video Cap v4.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\SuperRam 5.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Symantec Norton AntiVirus Virus Definition 06 18 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Symantec Norton AntiVirus Virus Definition 06 19 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\TRACKMANIA SUNRISE.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\The Elder Scrolls IV Oblivion NoDVD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\The Godfather The Game NODVD-GHC.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\The Lord of the Rings The Battle for Middle-earth-VENGEANCE.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\The Lord of the Rings The Battle for Middle-earth.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\The Sims 2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Threshold 1.4.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Throttle 6 6.6.19.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\TimeSage 1.3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Toolbar 2000 6.7.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Total Commander v6.54a.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\TracePlus Web Detective (eBusiness Edition) 4.01.000.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\TrojanHunter v4.1 Build 903.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\TurboFTP 5.00 b.520.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\TweakNow RegCleaner Professional 2.9.2.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\TweakRAM 5.6.6.20.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\TwistedBrush 9.4.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Ulead VideoStudio v9.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Underground Topsites.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\VCOM SystemSuite 6.0.3.6.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\VMware Workstation v5.0.0.13124-ZWT.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\VPOP3 Email Server 2.3.11.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\VSO ConvertXtoDvd.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Vampire The Masquerade Bloodlines v1.2 NoCD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\VueScan 8.3.53.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\WDReportGen 3.2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Weather Pulse 2.05.30.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Web Forum & File Sharing Server 4.09.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Web Site Maestro 5.1.3.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\WebCam Monitor 3.63.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\WhereIsIt v3.67.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\WinAVI Video Converter v7.6.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\WinRAR 3.51.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\WinRAR v3.51.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\WinStars 2.076 R1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Windows Genuine Advantage Validation v1.5.530.0-ETH0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Windows vista beta 2 build 5342 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Wondershare Flash SlideShow Builder 2.1.8.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Wondershare Photo Collage Studio 1.3.8.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\WordPipe 5.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\XLCalendar 1.1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\XM Easy Personal FTP Server 5.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\XP Repair Pro v2.4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft 3GP Video Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft 3GP Video Converter v2.1.55.1025b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft 3GP Video Converter v3.1.6.0602b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft AVI MPEG Converter 3.1.7.0616b.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft DVD to 3GP Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft DVD to DivX Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft DVD to MP4 Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft DVD to PSP Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft DVD to Pocket PC Ripper 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft DVD to WMV Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Xilisoft DVD to iPod Converter 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\XoftSpy v4.21.134-CRD.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\Zuma Deluxe ALL ACCESS CHEAT.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\avast professional 4.7.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\call of duty 2 key all.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\eReminder 2006 Professional 2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\iEasyPod 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\iPod Media Studio 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\iPod Movie Maker 1.10.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\iPod Photo Slideshow 1.11.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\iPod2PC 3.3.1.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\iRep 2.00 build 1338.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\jmk_football 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\n999tn999tn999tn999t.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\original Valid Windows XP Pro KEY S original Windows XP Pro.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\toca race driver 3.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\tomtom 5.21.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\vCard4Outlook 2.21.0080.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\videos.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\xplorer2 1.6.0.0.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Program Files\LimeWire\Shared\_\zsCompare 3.02.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\WINDOWS\Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\WINDOWS\system32\p2pnetworking.exe -> Backdoor.IRCBot.qc : No action taken.
C:\z.rar/Setup.exe -> Backdoor.IRCBot.qc : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TABO56N\drsmartload45a[1].exe -> Downloader.Adload.bo : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\OPQRST6J\drsmartload46a[1].exe -> Downloader.Adload.bo : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\OPQRST6J\drsmartload849a[1].exe -> Downloader.Adload.bo : No action taken.
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.bo : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXAJ09U7\drsmartload[1].exe -> Downloader.Adload.bv : No action taken.
C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : No action taken.
C:\wd7gi8n.exe -> Downloader.Agent.ala : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\f5r4Bnh.exe -> Downloader.IstBar : No action taken.
C:\WINDOWS\proxya.exe -> Downloader.IstBar.er : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temporary Internet Files\Content.IE5\NQSZ79KD\installerwnus[1].exe -> Downloader.Qoologic.at : No action taken.
C:\WINDOWS\system32\qomew.dat -> Downloader.Qoologic.bj : No action taken.
C:\526_620.exe -> Dropper.Mudrop.bq : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\B9D11F.tmp/mptft.exe -> Hijacker.StartPage.ajj : No action taken.
C:\WINDOWS\system32\mptft.exe -> Hijacker.StartPage.ajj : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TABO56N\nwnm[1].exe -> Hijacker.VB.fb : No action taken.
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\qtv754pr.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.13:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\qtv754pr.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.14:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\qtv754pr.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.15:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\qtv754pr.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.16:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.17:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@122.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@charmingshoppes.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@folica.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@greatschools.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@planetout.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\Cookies\nadeau@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\WINDOWS\Temp\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\WINDOWS\Temp\Cookies\administrator@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\WINDOWS\Temp\Cookies\nadeau@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\WINDOWS\Temp\Cookies\administrator@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\qtv754pr.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.39:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\WINDOWS\Temp\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\WINDOWS\Temp\Cookies\administrator@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\WINDOWS\Temp\Cookies\administrator@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\qtv754pr.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@vip.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\qtv754pr.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Nadeau\Local Settings\Temp\Cookies\nadeau@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\WINDOWS\Temp\Cookies\administrator@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\WINDOWS\Temp\Cookies\nadeau@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.12:C:\Documents and Settings\Nadeau\Application Data\Netscape\NSB\Profiles\atbrevc1.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\qtv754pr.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\WINDOWS\Temp\Cookies\nadeau@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@e-2dj6wfk4cgdjago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@e-2dj6wfk4gidzoeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@e-2dj6wfk4opdpeep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Nadeau\Cookies\nadeau@e-2dj6wfk4qmdzofo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : No action taken.
C:\WINDOWS\system32\ssec.exe -> Trojan.Runner.h : No action taken.
C:\WINDOWS\system32ssec.exe -> Trojan.Runner.h : No action taken.
C:\Program Files\Common Files\simtest\sysstall.exe -> Trojan.Zapchast.bl : No action taken.


::Report end
trisphere
Logfile of HijackThis v1.99.1
Scan saved at 1:41:14 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\mptft.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\DOCUME~1\Nadeau\APPLIC~1\FNTS~1\svchost.exe
C:\PROGRA~1\STEM32~1\WWEXEC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bboek.exe
F2 - REG:system.ini: UserInit=userinit.exe,mvuiubj.exe
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{C8-8C-CB-B6-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Nadeau\APPLIC~1\FNTS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Hjuvwmr] C:\PROGRA~1\STEM32~1\WWEXEC~1.EXE
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095826219607
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125511794843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\h8l2li3o18.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LS CalamityJane
Ewido is choking on the sheer number of infected files added by the IRCbot trojan, so nothing got "fixed".

Try deleting this entire folder which is where it has deposited all the infected copies of itself:
C:\Program Files\LimeWire\Shared

Uninstall LimeWire since that is what it is targeting. That may help. Besides, I can give you spyware-free alternatives if you need a p2p application.

Then run Ewido again and choose to quarantine all infected files, then save the report and post it back here.
I realize how difficult safe mode is, but it gives the program the best chance of disinfecting some of the more difficult trojans (like qoologic trojan - very hard to remove).

This computer is infected with a multitude of nasties, so it is going to take a number of steps and different tools to get all of it. It might just be easier to back up any important data and reformat/reinstall if that is an easy option for you.

Hopefully Ewido is at least blocking any new downloads of malware to your system, which is what the main infector does.
trisphere
OK, here's another report after deleting the LimeWire shared folder. By the way, Ewido is unable to activate the "resident shield" so I don't know if it's protecting. This may just be because I'm in safe mode. (I've been pretty much running exclusively in safe mode because normal mode barely works.)


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:59:05 PM 6/21/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Adware.BroadCastPC : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Application Data\Fоnts\svchost.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\!update.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\temp.fr2C3D -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\temp.frAE9E -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Awdiodev.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\ѕуstem32\wοwexec.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[1128] C:\WINDOWS\system32\mshta.dll -> Adware.PurityScan : Error during cleaning.
C:\Documents and Settings\Nadeau\Local Settings\Temp\is-STD0C.tmp\whenU\SAVE-SYNCmInst.exe/Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\is-STD0C.tmp\whenU\SAVE-SYNCmInst.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\is-STD0C.tmp\whenU\SAVE-SYNCmInst.exe/Sync.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\is-STD0C.tmp\whenU\SAVE-SYNCmInst.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\whenu.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gbe90qs.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\i120.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\WINDOWS\Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\z.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TABO56N\drsmartload45a[1].exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\OPQRST6J\drsmartload46a[1].exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\OPQRST6J\drsmartload849a[1].exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXAJ09U7\drsmartload[1].exe -> Downloader.Adload.bv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\wd7gi8n.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\f5r4Bnh.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINDOWS\proxya.exe -> Downloader.IstBar.er : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temporary Internet Files\Content.IE5\NQSZ79KD\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qomew.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\B9D11F.tmp/mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup (quarantined).
C:\Documents and Settings\Nadeau\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TABO56N\nwnm[1].exe -> Hijacker.VB.fb : Cleaned with backup (quarantined).
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ssec.exe -> Trojan.Runner.h : Cleaned with backup (quarantined).
C:\WINDOWS\system32ssec.exe -> Trojan.Runner.h : Cleaned with backup (quarantined).


::Report end
LS CalamityJane
Well, that looks better. There is probably more to do. Could I see a fresh HijackThis log, please? Can you get into normal mode now? If so, it would be better to see a HijackThis log from normal mode.
trisphere
Logfile of HijackThis v1.99.1
Scan saved at 7:23:46 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bboek.exe
F2 - REG:system.ini: UserInit=userinit.exe,mvuiubj.exe
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{C8-8C-CB-B6-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Nadeau\APPLIC~1\FNTS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Hjuvwmr] C:\PROGRA~1\STEM32~1\WWEXEC~1.EXE
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095826219607
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125511794843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\h8l2li3o18.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LS CalamityJane
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click on combofix.exe & follow the prompts.

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)
Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)


Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

3. When finished, it shall produce a log for you. Post that log in your next reply
trisphere
Running Combo Fix gives me a window titled "windows script host" that reads "There is no script engine for file extension '.vbs'"
LS CalamityJane
Ok, got some ideas to try from miekiemoes

Try disabling Norton Script Blocking (if you have it enabled)
(Instructions are here: http://service1.symantec.com/SUPPORT/nav.n...001082912274906 )

And then try to run ComboFix.
...................................
If that doesn't work and you get the same error, do this next please:
Open notepad and copy and paste the following text you see in bold

ftype vbsfile >> look.txt
start notepad look.txt


Save this as look.bat , choose to save as type of *all files* and place it on your desktop.

It should look like this:

Doubleclick on it and notepad should open.
Copy and paste the contents of it in your next reply.
trisphere
OK, disabling Norton Script Blocking didn't seem to affect ComboFix. Here is the result of running the bat file that you described.

vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*

I hope that's what we were looking for. I wanted to avoid reformatting my drive as I have so much stuff to back up, but I'm definitely starting to consider it! Although on the other hand I kind of hate to admit defeat. I guess we'll keep plugging away at it for a little while anyway.

By the way, you said you could recommend a "spyware free" p2p program. I thought it was sort of an inherent risk with p2p since you can never be sure of the source of what you're downloading; but I'm up for trying a new program if you think it's safer.

That's all for now,

later!
LS CalamityJane
You did fine and that file association looks ok.

Could you search your system for the Windows Script Host file: WScript.exe to make sure it is not missing? Let me know what you find.

I'm signing off for the evening soon. Will catch up to your reply tomorrow.
trisphere
There is a file called WScript.exe in the following directories:

C:\WINDOWS\$NtServicePackUninstall$
C:\WINDOWS\Prefetch
C:\WINDOWS\system32
C:\WINDOWS\ServicePackFiles\i386
LS CalamityJane
Ok, we'll try another route.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
trisphere
Logfile of HijackThis v1.99.1
Scan saved at 11:26:14 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\krwakv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bboek.exe
C:\WINDOWS\system32\bboek.exe
C:\WINDOWS\system32\bboek.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bboek.exe
F2 - REG:system.ini: UserInit=userinit.exe,mvuiubj.exe
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{C8-8C-CB-B6-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [kibrkt] C:\WINDOWS\system32\krwakv.exe reg_run
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Nadeau\APPLIC~1\FNTS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Hjuvwmr] C:\PROGRA~1\STEM32~1\WWEXEC~1.EXE
O4 - HKCU\..\Run: [gfitl] C:\WINDOWS\system32\krwakv.exe reg_run
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dyjbq.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095826219607
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125511794843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
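Added example, not part of the original thread: one way to compare the HijackThis log posted before the Look2Me-Destroyer run with the one posted after it, limited to the sections that list autostart and code-loading points (F2, O2, O4, O18, O20). The sample text is a constructed excerpt of the two logs in this thread, and the function and variable names are hypothetical.

```python
import re

# A HijackThis entry line is "<section> - <details>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"
# Sections that list autostart and code-loading points (assumed scope for this example).
PERSISTENCE = {"F2", "O2", "O4", "O18", "O20"}

# Constructed excerpt of the log posted before the removal tool was run.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\bboek.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bboek.exe
F2 - REG:system.ini: UserInit=userinit.exe,mvuiubj.exe
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\h8l2li3o18.dll (file missing)
"""

# Constructed excerpt of the log posted after the removal tool was run.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\krwakv.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bboek.exe
F2 - REG:system.ini: UserInit=userinit.exe,mvuiubj.exe
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O4 - HKLM\..\Run: [kibrkt] C:\WINDOWS\system32\krwakv.exe reg_run
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [gfitl] C:\WINDOWS\system32\krwakv.exe reg_run
O4 - Global Startup: dyjbq.exe
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
"""


def parse_log(text):
    """Map (section, details without the missing marker) -> True if the file is missing."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path, or blank line
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)]
        entries[(section, body)] = missing
    return entries


def diff_logs(before_text, after_text, sections=PERSISTENCE):
    """Report entries added, removed, or newly marked '(file missing)' between two logs."""
    before, after = parse_log(before_text), parse_log(after_text)

    def wanted(key):
        return sections is None or key[0] in sections

    return {
        "added": sorted(k for k in after if k not in before and wanted(k)),
        "removed": sorted(k for k in before if k not in after and wanted(k)),
        # Registration still present, but the file it points to is now gone.
        "now_missing": sorted(
            k for k in after if wanted(k) and after[k] and before.get(k) is False
        ),
    }


if __name__ == "__main__":
    for change, keys in diff_logs(BEFORE, AFTER).items():
        print(change)
        for section, body in keys:
            print(f"  {section} - {body}")
```

Entries that are unchanged between the two logs, such as the F2 Shell and UserInit lines here, do not appear in the diff and still need to be reviewed in the log itself.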
trisphere
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/23/2006 11:00:18 PM

Infected! C:\WINDOWS\system32\h8l2li3o18.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048699.dll
C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048699.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048707.dll
C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048707.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048720.dll
C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048720.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048724.dll
C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048724.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048906.dll
C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048906.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048914.dll
C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048914.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048971.dll
C:\System Volume Information\_restore{A1426E09-0B46-4579-AA3D-7C9CE30ED9A7}\RP388\A0048971.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
LS CalamityJane
At this point I need a list of installed programs; some need to be removed from there first.

Open HijackThis and choose *Open Misc Tools Section*
Choose *Open Uninstall Manager*
When it presents a list, press *Save List*
Copy and paste the results back here.
..................
Next,

Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose "Save As"; if using IE, "Save Target As".)
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", uncheck the "Show Extracted Files" box, and then click "Finish".
  • Download qoofix.bat (right-click on this link and choose "Save As"; if using IE, "Save Target As")
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qooFix.bat, close all browsers and Explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted, please post another HijackThis log.
trisphere
4PLAY 4.95 for Windows 95
Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 7.0
AdvancedDVDPlayer 1.15
Ahead Nero - Burning Rom
AOL Instant Messenger
Auto Gordian Knot 1.60
Avery® Wizard 2.1 for Microsoft® Word 2002
AviSynth 2.5
Black & White Creature Isle
Black and White
blueprint MenuEditor 1.1.0
CDex extraction audio
CEP - Color Enable Package
Dell ResourceCD
Deskcalc SE
Diner Dash (remove only)
DivX Codec
DivX Codec 3.1alpha release
DivX DVD Ripper 1.2
DVD Decrypter (Remove Only)
EA downloader
Easy CD Creator 5 Basic
EliSims 2.12
FilePlanet Download Manager 2.1
FlashCatcher
Forethought
GoldWave v5.10
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Kazaa Lite K++ v2.4.3
Leisure Suit Larry's Casino
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
LiveUpdate BVRP Software
Living Beaches Wallpaper #2
Logitech Desktop Messenger
Logitech IM Video Companion
Logitech ImageStudio
Logitech Print Service
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
MediaFACE II
MemoriesOnTV 2.1.6
Microsoft .NET Framework 1.1
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
mIRC
mobile PhoneTools
Monopoly
MSN Messenger 7.5
MSN Music Assistant
Mystery Case Files Huntsville
Netscape Browser (remove only)
Network Play System (Patching)
No Doubt - Rock Steady
Norton AntiVirus 2002
Norton WMI Update
OfficePrinter 2.0
PowerDVD
Quicklinks
QuickTime
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
ShrinkTo5 GUI
SimPE 0.58 (alpha)
Sims2Pack Clean Installer
Spybot - Search & Destroy 1.4
Super DVD Ripper v1.89
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
The Sims Makin' Magic
ToolBar888
Uninstall MPEG2 Plugin
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Verizon Online
Verizon Online Support Center
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VIRTUAL JUGGLER 3D DEMO (remove only)
VobSub v2.23 (Remove Only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Messenger 5.1
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
trisphere
Logfile of HijackThis v1.99.1
Scan saved at 11:15:33 PM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\bboek.exe
F2 - REG:system.ini: UserInit=userinit.exe,mvuiubj.exe
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{C8-8C-CB-B6-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [kibrkt] C:\WINDOWS\system32\krwakv.exe reg_run
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Nadeau\APPLIC~1\FNTS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Hjuvwmr] C:\PROGRA~1\STEM32~1\WWEXEC~1.EXE
O4 - HKCU\..\Run: [gfitl] C:\WINDOWS\system32\krwakv.exe reg_run
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095826219607
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125511794843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LS CalamityJane
Was there a problem or error running BFU Qoofix? I think it could be possible that Norton Scriptblocking service is interfering here, so disable that service:

* Disable the Script Blocking Service:

* To open Services, click Start, point to Settings, and then click Control Panel. Double-click Administrative Tools, and then double-click Services.
* Find ScriptBlocking services, right-click the service, and then click Properties. On the General tab, under Startup, click Disabled.
* Under Service Status, click Stop button. Click Apply button.

* Disable the Script Blocking In Norton Settings:

* Start Norton Antivirus.
* Click Options. If a menu appears when you click Options, then click Norton Antivirus. The Norton Antivirus Options dialog box appears.
* Click Script Blocking.
* Uncheck Enable Script Blocking (recommended).
* Click OK

You can re-enable it afterwards when everything is clean again.

Please go up to the Qoofix instructions and make sure you follow the steps exactly. Your computer should reboot afterwards. If not, please restart it and scan once more with Hijackthis and post a fresh log.
............................................................
In your Control Panel under Add/Remove programs, highlight each of these and press *remove*

Forethought

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6

Quicklinks

ToolBar888


J2SE Runtime is Sun Java and those are old vulnerable versions which need to be removed manually.

Old versions left on your PC, even after updating, can be vulnerable to malware exploits.

You can then get the latest version of Sun Java here:
http://www.java.com/en/download/manual.jsp

Here's why removing old versions of Sun Java is important:
Potential Vulnerability with Sun Java auto update
http://www.dslreports.com/forum/remark,14738046
trisphere
* To open Services, click Start, point to Settings, and then click Control Panel. Double-click Administrative Tools, and then double-click Services.
* Find ScriptBlocking services, right-click the service, and then click Properties. On the General tab, under Startup, click Disabled.
* Under Service Status, click Stop button. Click Apply button.

Quicklinks

ToolBar888


I disabled Script Blocking in Norton Anti-virus. I don't see any "Administrative Tools" or "Services" to click on in the Control Panel in the Windows start menu. So I uninstalled those programs. Quicklinks and ToolBar888 give me error messages that they may have already been removed. Here is my latest HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 4:53:07 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{C8-8C-CB-B6-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Nadeau\APPLIC~1\FNTS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Hjuvwmr] C:\PROGRA~1\STEM32~1\WWEXEC~1.EXE
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095826219607
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125511794843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LS CalamityJane
Go to Start > Run and type in the box: services.msc

Find the following in the list of services:

ScriptBlocking Service (SBService)

What is the Status listed? If it is running, click on it and press *stop the service*. Change the startup type to *Manual*. Then try running qoofix again please. Post a fresh HijackThis log.
trisphere
OK, Script blocking service in windows was not running, but I did change the startup type from automatic to manual, restarted the computer and ran qoofix.bat again. Here's another hijackthis log. Windows seems to be running pretty smooth now, by the way. And no pop ups and what not.

Logfile of HijackThis v1.99.1
Scan saved at 11:46:13 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{C8-8C-CB-B6-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Nadeau\APPLIC~1\FNTS~1\svchost.exe" -vt yazr
O4 - HKCU\..\Run: [Hjuvwmr] C:\PROGRA~1\STEM32~1\WWEXEC~1.EXE
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095826219607
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125511794843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LS CalamityJane
Make sure your PC is configured to show hidden files
How to Show Hidden Files
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

......................................................
Scan with HijackThis and checkmark these entries, then press the *fix checked* button

R3 - Default URLSearchHook is missing

O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O4 - HKLM\..\Run: [{C8-8C-CB-B6-ZN}] c:\windows\system32\dwdsregt.exe GID003

O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Nadeau\APPLIC~1\FNTS~1\svchost.exe" -vt yazr

O4 - HKCU\..\Run: [Hjuvwmr] C:\PROGRA~1\STEM32~1\WWEXEC~1.EXE

O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe

O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll

O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll

Delete these files and/or folders (if found)

c:\windows\system32\dwdsregt.exe (file)

C:\DOCUMENTS AND SETTINGS\Nadeau\APPLICATION DATA\FNTS... (folder) Folder name starts with those letters but will be longer.

C:\PROGRAM FILES\STEM32... (folder) Folder name starts with those letters but will be longer.

C:\Program Files\Common Files\svchostsys (folder)

C:\WINDOWS\system32\x3cqp0.dll (file)

C:\WINDOWS\system32\mshta.dll (Note: the extension is .dll. Do NOT confuse with the legitimate file that has an extension of .exe; mshta.exe is legitimate whereas mshta.dll is the bad file.)

Reboot your computer. Please scan once more with HijackThis and post a fresh log.
trisphere
Upon pressing "Fix Checked" HijackThis gave me this message
**
An unexpected error has occurred at procedure: modBackup_MakeBackup(sltem=20
Applnit_DLLs: mshta.dll c:\WINDOWS\system32\mshta.dll)
Error #5 - Invalid procedure call or argument

Click OK to continue the rest of the scan
**

I did another scan and all the items you had me check did seem to be gone. I used Windows Explorer to try to find and delete the other files you mentioned. I didn't find any of them despite checking "show hidden files and folders" and unchecking "hide protected operating system files".

Here is another HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 11:57:02 AM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095826219607
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125511794843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LS CalamityJane
Sometimes the actual file has already been removed in a prior cleaning step and all we are seeing is the associated registry entry in HijackThis. And even though you got an error on "fixing" it did delete the O20 item just fine. It all looks good now, except one small thing I missed earlier.

Scan with HijackThis and checkmark this item, then press the *fix checked* button:

O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM

Delete this folder (if found)
C:\Program Files\ToolBar888

You can delete any and all of the special tools I had you download for various fixes. They won't be needed again and don't stay updated for new variants...then we would have you download a fresh copy anyway.

Some final cleanup and prevention recommendations follow.

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files.
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE.
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA), from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Also visit this Free Online Scanner for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your PC, Protect yourself and Protect your Family.
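
The reply above notes that HijackThis can keep listing a registry entry after the file behind it has been removed, and asks for a rescan to fix one remaining item. The following is an added example, not part of the original post and not HijackThis code: a small Python triage script that flags "(file missing)" entries and checks whether lines from a fix list still show up in a fresh scan. The function names are assumptions, and the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter, namedtuple

# Sample input: four lines copied from the HijackThis output in this thread.
SAMPLE_LOG = r"""
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

Entry = namedtuple("Entry", "section kind detail file_missing raw")
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
MISSING = "(file missing)"

def parse_log(text):
    """Return one Entry per recognisable HijackThis line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(2)
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        kind, sep, detail = body.partition(": ")
        if not sep:                      # lines without a "kind:" prefix
            kind, detail = "", body
        entries.append(Entry(m.group(1), kind, detail, missing, raw.strip()))
    return entries

def orphans(entries):
    """Entries whose registry data survives but whose target file is gone."""
    return [e for e in entries if e.file_missing]

def still_present(entries, fix_list):
    """Lines from a helper's fix list that a fresh scan still reports."""
    seen = {" ".join(e.raw.split()).lower() for e in entries}
    return [f for f in fix_list if " ".join(f.split()).lower() in seen]

def section_counts(entries):
    """Number of entries per HijackThis section code (O8, O16, ...)."""
    return Counter(e.section for e in entries)

if __name__ == "__main__":
    for e in orphans(parse_log(SAMPLE_LOG)):
        print("orphaned registry entry:", e.raw)
```

Running `still_present` against the scan taken after pressing *fix checked* should return an empty list for the items that were fixed.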
trisphere
Thank you so much for all your help!!!!!

Not only did you help me nurse my sick computer back to health, you've turned me on to some good programs and I've learned a few things about how to beef up my security a bit to help prevent unwittingly downloading so many nasties. By the way...what do you recommend for a good p2p program?
LS CalamityJane
You're welcome! Glad we could help.

SpywareInfoforum has a good list of clean & infected P2P programs here:
http://www.spywareinfoforum.info/articles/p2p/