IanG

It was in the msconfig, hidden as a system32 file 3 times... stupid me!

Nevermind, I got it fixed... hehe

Hey! I got the Windows ME machine up without a reformat. Drivers are good, everything. However, whenever I boot up the machine, I get 2 My Documents windows that pop up, a Network Login (Normal), and when I close the Network Login, another My Documents window. How do I get rid of these My Documents windows popping up upon start-up?

LOL <3 Family Guy

Logfile of HijackThis v1.99.1 Scan saved at 7:30:30 AM, on 10/27/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Browser Mouse\mouse32a.exe C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\AIM\aim.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Symantec AntiVirus\DoScan.exe C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\wuauclt.exe C:\New Folder\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thats going to give me nightmares... ****, that thing was ugly.

FZWG, were making great progress I think! I haven't gotten any SurfSideKick popups yet from Ewido, or popups in general! Also, were using WindowsXP Home. I have the WindowsXP CD. Are there any programs that I can use, that doens't hog many resources, to prevent the installation of spyware such as this one? My sister tends to not know what she is installing. Newest scan: Logfile of HijackThis v1.99.1 Scan saved at 3:28:38 PM, on 10/25/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM\aim.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\wuauclt.exe C:\New Folder\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

We're making progress. When I start up Windows, it says "repairs302972949.dll is not a valid windows image" or something for each program that starts up. Ewido isn't giving me an alert for it either. Logfile of HijackThis v1.99.1 Scan saved at 5:46:37 AM, on 10/25/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Browser Mouse\mouse32a.exe C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM\aim.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\wuauclt.exe C:\New Folder\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - AppInit_DLLs: repairs302972949.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

FZWG, We have a problem. I did this step: Double click the Appinit_Dlls value on right pane -In the Data Editor window, go to the Value box -Click on the following to highlight: C:\WINDOWS\system32\repairs302972949.dll -Clear the data -Select: Apply -Select: OK Ok. But Repairs creates a new Windows folder after I rename it, and makes another Windows folder after I rename it. It makes just 1 file named AppInIt_dlls, and I am unable to remore Repairs302972949.dll, because after I say yes, it pops right back into the data field. I even try deleting the Windows file which only contains Appinit_Dlls, and it pops right back up. I am unable to rename the file we were working on to Windows, because repairs keeps replacing itsself. Edit: Not to mention, if I rename the Windows folder that only has repairs3029... in it, it renames. However, if I rename the cleaned folder to Windows, it does not allow it.

Latest HJT log: Logfile of HijackThis v1.99.1 Scan saved at 7:46:07 AM, on 10/24/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Browser Mouse\mouse32a.exe C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM\aim.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\New Folder\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - AppInit_DLLs: repairs302972949.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

:mozilla.143:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.144:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.145:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.146:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.147:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.148:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.163:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.164:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.165:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.166:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.167:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.168:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.169:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup -> : Error during cleaning :mozilla.176:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.177:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.178:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.179:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.180:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.193:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.194:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.195:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.204:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.209:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.210:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Centrport : Cleaned with backup :mozilla.211:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Centrport : Cleaned with backup :mozilla.215:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Targetnet : Cleaned with backup :mozilla.216:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Targetnet : Cleaned with backup :mozilla.217:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.218:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.219:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.220:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Bluestreak : Cleaned with backup :mozilla.221:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Coremetrics : Cleaned with backup :mozilla.235:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.236:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.243:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.244:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.245:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.246:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.252:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Shopathomeselect : Cleaned with backup :mozilla.254:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Shopathomeselect : Cleaned with backup :mozilla.255:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Shopathomeselect : Cleaned with backup :mozilla.259:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.260:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.261:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.277:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.298:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hypertracker : Cleaned with backup :mozilla.301:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Clickhype : Cleaned with backup :mozilla.304:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.305:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.306:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Itrack : Cleaned with backup :mozilla.310:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adtrak : Cleaned with backup :mozilla.311:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adtrak : Cleaned with backup :mozilla.318:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.320:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.332:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adorigin : Cleaned with backup :mozilla.333:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adorigin : Cleaned with backup :mozilla.336:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adorigin : Cleaned with backup :mozilla.338:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.339:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.361:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Masterstats : Cleaned with backup :mozilla.234:C:\RECYCLER\NPROTECT\00111534.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.224:C:\RECYCLER\NPROTECT\00112228.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\WINDOWS\system32\93_app13.exe -> TrojanDropper.Agent.xw : Cleaned with backup C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup ::Report End

There is only 1 user on this computer. Ewido says it cleaned the repairs538592352 or whatever, but I keep getting an "Infected File" popup from Ewido for repairs(numbers).dll --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 7:35:09 AM, 10/24/2005 + Report-Checksum: 102C9D62 + Scan result: [564] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [612] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [624] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [776] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [828] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [900] C:\WINDOWS\System32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [964] C:\WINDOWS\System32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1100] C:\WINDOWS\System32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1376] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1508] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1872] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1908] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1920] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1976] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1984] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1992] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [2004] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [2012] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [116] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [520] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [868] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1008] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1488] C:\WINDOWS\System32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1732] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [1828] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [2280] C:\WINDOWS\System32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [3108] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup [3128] C:\WINDOWS\system32\repairs302972949.dll -> Spyware.SurfSide : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Alix\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\Documents and Settings\Alix\Local Settings\Temp\ssk3_b5.exe -> TrojanDropper.Small.qn : Cleaned with backup C:\New Folder\backups\backup-20051021-234402-290.dll -> Spyware.SideSearch : Cleaned with backup C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup :mozilla.32:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.33:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.37:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.64:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.67:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.70:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.71:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.91:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Addynamix : Cleaned with backup :mozilla.92:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Addynamix : Cleaned with backup :mozilla.101:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.120:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.123:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.124:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.127:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Coremetrics : Cleaned with backup :mozilla.150:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.151:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.162:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.163:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.168:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.169:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.173:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.174:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.176:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.177:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.196:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.213:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.224:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Hypertracker : Cleaned with backup :mozilla.230:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.231:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Itrack : Cleaned with backup :mozilla.233:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Adtrak : Cleaned with backup :mozilla.234:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Adtrak : Cleaned with backup :mozilla.239:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.240:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.249:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.251:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.261:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Adorigin : Cleaned with backup :mozilla.264:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.265:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.286:C:\RECYCLER\NPROTECT\00109870.MOZ -> Spyware.Cookie.Masterstats : Cleaned with backup :mozilla.28:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.29:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.30:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.31:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.32:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.33:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.34:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.35:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.36:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.37:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.38:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.39:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.40:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.41:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.42:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.43:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.48:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.49:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.50:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.51:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.52:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.53:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.54:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.55:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.56:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.57:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.59:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.61:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.62:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.63:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.64:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.65:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.77:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.96:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.97:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.98:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.99:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.100:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.101:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.105:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.106:C:\RECYCLER\NPROTECT\00111522.MOZ -> Spyware.Cookie.Overture : Cleaned with backup

Bump against spyware!

Some notes: In safe mode, I could NOT delete: C:\Program Files\Surf Side Kick 3 That file was in use by another person or program SurfSideKick3 was NOT found in Add/Remove programs Ssk.dll - Could not be deleted Sskknwrd.dll - Found in Application Data, Deleted Ssk.log - Not found SskUpdater.exe - Not Found C:\WINDOWS\system32\wintask.exe - NOT FOUND C:\WINDOWS\system32\stb.exe - NOT FOUND Heres the new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 12:45:00 AM, on 10/23/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Browser Mouse\mouse32a.exe C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AIM\aim.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\alg.exe C:\New Folder\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - AppInit_DLLs: repairs302972949.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe The Panda scan was too large to put on PCPitstop, so I don't know what to do. There was like 1200 infections. 99% of them were located in these 2 spots, and of this format: C:\Documents and Settings\Alix\Cookies\[email protected](Insertsomethinghere) C:\Documents and Settings\Alix\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\(Insertthingshere) C:\Documents and Settings\Alix\Cookies\[email protected](Insertsomethinghere) And the big one, which is 80% of the scan: C:\RECYCLER\NPROTECT\00108258.MOZ[(Insert something here)] There was also these: Spyware:Spyware/UrlSpy Reported C:\WINDOWS\system32\blackbox.exe Adware:Adware/Exact.BargainBuddyReported C:\WINDOWS\system32\filum\ddfdpxoa.exe Spyware:Spyware/LinkReplacer Reported C:\WINDOWS\system32\PreUninstallQL.exe Virus:Trj/Downloader.FHW Reported C:\WINDOWS\system32\svusxnw\efpv.exe If you want me to, I can e-mail you the spyXposer.txt file

Please help! I can't get rid of it!