** VIRUS and HJT log help **
Puter Padowan
01-21-2006, 01:44 AM
Hello all.
Recently my office was hit with a huge problem. The moderators Budfred and Juniper were patient enough with me to explain certain things and give me a hand as to what I should do.
I learned a great deal. So much that I knew I needed to go home and run some of the security software they recommended on my home pc as well.
Here is my HJT log
Logfile of HijackThis v1.99.1
Scan saved at 12:34:57 AM, on 1/21/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\fdbfty.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\QuickTime\QuicktimePlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsearchbar.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\oktx01.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pfbvwqz] C:\WINDOWS\System32\fdbfty.exe r
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0033.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kontiki.com/securedelivery/main/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
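As an added example (not code from the thread or from HijackThis), here is a small Python triage script that parses HJT entry lines like the ones above and flags the patterns a helper scans for by eye: an extra program on the F2 Shell= line, O4 startup items running an .exe straight out of the Windows directory, O16 ActiveX (DPF) entries sourced from file://, IE start/search settings pointing at hosts outside an assumed allow-list, and entries whose file is missing. The sample lines are copied from the posted log; the heuristics and the TRUSTED_SEARCH_HOSTS allow-list are illustrative assumptions, not a verdict on any particular file.

```python
"""Heuristic triage of HijackThis 1.99 log entries (added example, not
HijackThis code).  Sample lines are copied from the log above; the
heuristics and allow-list below are illustrative assumptions."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# HJT entry: type code (R0, F2, O4, O16, ...), " - ", free-text payload.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")

# IE start/search hosts assumed to be the user's own choice (assumption).
TRUSTED_SEARCH_HOSTS = {"www.yahoo.com", "www.google.com"}

# An .exe sitting directly in %WINDIR% or System32 (rather than under
# Program Files) is unusual for a third-party startup item.
WINDIR_EXE_RE = re.compile(r"^C:\\WINDOWS\\(System32\\)?[^\\]+\.exe", re.I)

# Constructed sample: a subset of the posted log, header lines included so
# the parser has to skip them.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\fdbfty.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pfbvwqz] C:\WINDOWS\System32\fdbfty.exe r
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
"""


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (code, payload) for each HJT entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _setting_host(payload: str) -> Optional[str]:
    """Host named by an R0/R1 payload of the form '<key>,<value> = <url>'."""
    _, sep, url = payload.partition(" = ")
    if not sep:
        return None
    url = url.strip()
    if "://" not in url:          # HJT prints some values without a scheme
        url = "http://" + url
    return urlparse(url).hostname


def triage(log_text: str) -> List[Dict[str, str]]:
    """One finding per entry that trips a heuristic; clean entries are omitted."""
    findings = []
    for code, payload in parse_entries(log_text):
        reasons = []
        if code == "F2" and "Shell=" in payload:
            # The Shell= value should be exactly Explorer.exe; anything after
            # it is a second program started together with the desktop.
            shell = payload.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("extra program on the Shell= line")
        elif code in ("R0", "R1"):
            host = _setting_host(payload)
            if host and host not in TRUSTED_SEARCH_HOSTS:
                reasons.append(f"IE start/search setting points at {host}")
        elif code == "O4":
            # "[name] <path> <args>" -> look at the path part only.
            target = payload.split("] ", 1)[1] if "] " in payload else payload
            if WINDIR_EXE_RE.match(target):
                reasons.append("startup item runs an .exe from the Windows directory")
        elif code == "O16" and "file://" in payload.lower():
            reasons.append("ActiveX download (DPF) sourced from a local file://")
        if "(no file)" in payload or "(file missing)" in payload:
            reasons.append("referenced file is missing")
        if reasons:
            findings.append({"code": code, "entry": payload, "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:4} {f['reason']}\n     {f['entry']}")
```

Run against the full posted log, the same heuristics also pick up the O4 RunOnce ln32k.exe entry and the two O23 services whose files are missing, while leaving the Program Files items (iTunes, QuickTime, ATI, Yahoo!) unflagged.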
Puter Padowan
01-21-2006, 01:48 AM
My pc has been acting insane at home. Plus, whenever I need to reboot...as the Windows desktop loads, I get a message window that says one of two things:
"Hi. I think there is something wrong. Don't you?" OR "I'm starting to get sick of being here. Maybe you should report me."
In addition, in the screen that shows the user this pc is registered to (my name formerly...lol), it NOW says "Not you any longer" ha ha ha...I just thought it was funny.
Hitting ALT+CTRL+DEL will only show me the white screen with the apps currently running. I can NOT see the tabs, nor can I choose the option to shut down, log off, switch users, etc.
Any help from anyone who has the patience and time would be greatly appreciated. Thanks again guys.
pop pop
01-21-2006, 01:49 AM
You have a nice collection of "stuff" there...definitely requires Budfred or Classic. I am obliged to leave the diagnosis and fixes to them. However, you should put HJT in a dedicated directory (e.g., create one for it). The reason is that any "fixes" you may make, should they need to be "undone" later, could be lost if you have HJT in a temporary directory like you do right now.
Puter Padowan
01-21-2006, 02:07 AM
Hey Pop Pop.
Thanks a lot for the advice. How would I go about taking HJT from a temp folder and putting it in a dedicated directory? Or creating one, for that matter.
pop pop
01-21-2006, 02:27 AM
You can create one just about anywhere--on the desktop or somewhere within "My Computer"--by doing a right mouse click, selecting New, then Folder. Give the new folder/directory a name, something like HJT...type it in.
Now you can go find where you currently have HJT...it's here: C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe and copy/move it to the new HJT directory. If you "copy", either delete the one in the temp folder, or be sure to only use the one in the new folder. I would delete the one in the temp folder.
Good luck with your "mess". We're very fortunate to have guys like Budfred and Classic around at times like this. ;)
Budfred
01-21-2006, 08:57 AM
I don't have time to do a full analysis right now, but either I or someone else will be back later to help... In the meanwhile, please run Ewido and then post a fresh HJT log and the Ewido log:
Please download, install, and update the NEW free version of Ewido trojan scanner (http://www.ewido.net/en/download/):
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
Check "Perform action with all infections".
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
You do have a pretty major pile of garbage here... :eek: :eek:
Puter Padowan
01-21-2006, 11:37 PM
lol. Man, Budfred, you're the greatest. Thanks. Well, I'm going to post the Ewido log I got. Again, I'm sure you know it's long, so it may take a few posts. Thanks again.
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:35:26 PM, 1/21/2006
+ Report-Checksum: 8A7C1A43
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
C:\counter.cab/counter.exe -> Dropper.Small.ls : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@banner.goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@clickagents[1].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@counter11.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@counter12.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@counter5.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@cz11.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@cz9.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wfk4ogdjodp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wfkyandpkfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wfkyoodzwfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wfl4sjdzgcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wfmisjd5mlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjk4epdpkbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkoaldjalp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
Puter Padowan
01-21-2006, 11:41 PM
Part 2
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkoekd5edo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkoqhcpsko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkoqlazkgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkyajdzeeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkygocjwhp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkygpcpedp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkyolazkho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkyugdjgcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjkyukaziaq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjl4sid5gfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjl4wjczkgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjliajdjkfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjliandpsho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjlikpd5mao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjliwnc5abp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjlocgdpmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjloekdpobp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjlowhdpehq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjlyagcpicq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjlygkazico.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjmicidpmbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjmickdziho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjmyagdpabo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjny-1gcpkh.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjny-1sazae.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjnyaocjwaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjnycjdzado.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@e-2dj6wjnyopcpsdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-adteractive.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-bestbuy.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-betterphoto.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-cafepress.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-hollywood.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
Puter Padowan
01-21-2006, 11:41 PM
Part 3
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-mastercard.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-newegg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-phe.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-sierratradingpost.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-tigerdirect2.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@ehg-wachovia.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@entrepreneur.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@pch.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@premiumnetworkrocks.valuead[2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@pro-market[1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@sec1.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@web4.realtracker[2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@www.directnetadvertising[1].txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Cookies\owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\clnA20.tmp -> Downloader.Dyfuca.cq : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\mynut2.exe/enhupdt.exe -> Downloader.Intexp.c : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\polmx3.cab/polmx3.exe -> Downloader.Agent.ae : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\satmat.cab/satmat.exe -> Downloader.Stubby.d : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\Temporary Internet Files\Content.IE5\G1UBKLUV\0,1-0,breakfast_burrito,FF[2].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\Temporary Internet Files\Content.IE5\SLIV8HER\0,185,132191-243193,00[2].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPE6OFEW\0,175,150187-232200,00[2].html -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temp\zserv.cab/ZServ.dll -> Spyware.DlMax : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temporary Internet Files\Content.IE5\8D2ZOXQV\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temporary Internet Files\Content.IE5\PRZJ5186\MediaTicketsInstaller[1].cab/MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temporary Internet Files\Content.IE5\S1KFOFGN\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temporary Internet Files\Content.IE5\WXEVGTUJ\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Owner.ENTERTAINER\Local Settings\Temporary Internet Files\Content.IE5\WXEVGTUJ\mm[3].js -> Spyware.Chitika : Cleaned with backup
Puter Padowan
01-21-2006, 11:47 PM
Part 4
C:\eied_s7.cab/eied_s7_c_30.exe -> Downloader.Mediket.ay : Cleaned with backup
C:\Program Files\Alset\HelpExpress\Robert Centeno\Download\CLIENT.CAB/HelpExp.exe -> Spyware.HelpExpress : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\Administrator -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\Administrator\eeid.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\Administrator\userdata.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\merchants.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\Robert Centeno -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\Robert Centeno\dataexcludeebatessaved.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\Robert Centeno\eeid.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ApplicationData\Robert Centeno\userdata.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\Applications -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\Applications\ebatesdatamerchNCust.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\Applications\ebatesver2.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\ebates_README2.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_clickhere.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_getcashback.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_getcashbck.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_no.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_submit.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\button_yes.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\clear.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\ebates.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\ebateslogo1.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\logo_topmox.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_question.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_reminder.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_top.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\moe_with_cash.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Images\spacer.gif -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\MTemp -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\MTemp\lock.txt -> Adware.MoneyMaker : Cleaned with backup
-> : Error during cleaning
C:\Program Files\EbatesMoeMoneyMaker\System\System -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\System\personality.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Temp -> Adware.MoneyMaker : Cleaned with backup
Puter Padowan
01-21-2006, 11:49 PM
Part 5
C:\Program Files\EbatesMoeMoneyMaker\System\Temp\dump.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0_wo.htm -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\Homepage\WinPage.dll -> Spyware.MetaDirect : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP514\A0065733.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP514\A0065744.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP531\A0067214.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP531\A0067215.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP531\A0067216.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP531\A0067217.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP544\A0073208.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP544\A0073216.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP554\A0073244.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP556\A0073257.dll -> Adware.ActivShopper : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP564\A0073283.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP564\A0073290.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP573\A0073315.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP573\A0073316.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP573\A0073318.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP573\A0073319.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP574\A0073324.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP574\A0073325.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP574\A0073326.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP574\A0073327.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP574\A0073329.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP580\A0073342.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP580\A0073343.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP580\A0073344.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP580\A0073345.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP580\A0073346.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP580\A0073347.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP581\A0073352.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP581\A0073358.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP581\A0073359.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP581\A0073360.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP582\A0074360.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP592\A0074448.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP600\A0075452.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP606\A0076462.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP607\A0078449.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP607\A0079448.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP610\A0079459.exe -> Worm.Kindal : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP610\A0079460.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP610\A0079461.exe -> Trojan.Stervis.j : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP610\A0079462.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP610\A0079463.exe -> Downloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP610\A0079464.exe -> Worm.Kindal : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079467.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079469.dll -> Trojan.Agent.db : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079470.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079486.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079487.exe -> Trojan.Agent.gp : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079494.exe -> Spyware.F1Organizer : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079497.dll -> Spyware.NoName : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079498.exe -> Spyware.NoName : Cleaned with backup
Puter Padowan
01-21-2006, 11:49 PM
END
FBF-9930-99546BBFF4A5}\RP611\A0079499.exe -> Downloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079500.exe -> Spyware.BiSpy : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079501.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079502.exe -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079503.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079504.dll -> Downloader.Rameh.c : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079505.exe -> Downloader.Delf.go : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079506.exe -> Spyware.BookedSpace.c : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079507.EXE -> Dropper.Small.ht : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079509.dll -> Spyware.ActivShopper : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079515.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079531.exe -> Spyware.TotalVelocity : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079532.dll -> Spyware.TotalVelocity : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079533.dll -> Spyware.TotalVelocity : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079541.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079542.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079544.EXE -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079545.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079548.exe -> Spyware.PrecisionPop : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP611\A0079554.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP613\A0079567.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP613\A0079583.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP613\A0079584.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP613\A0079585.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP613\A0079607.exe -> Worm.Kindal : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP613\A0079608.dll -> Spyware.PowerStrip : Cleaned with backup
C:\System Volume Information\_restore{73F1DB6A-5CF4-4FBF-9930-99546BBFF4A5}\RP613\A0079609.exe -> Spyware.PowerStrip : Cleaned with backup
C:\WINDOWS\goflfswoit.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Temp\i300.tmp -> Downloader.Small.id : Cleaned with backup
C:\WINDOWS\Temp\i320.tmp -> Downloader.Small.id : Cleaned with backup
::Report End
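An added example, not part of the thread and not ewido's own code: it parses report lines of the form shown above and sorts each hit into a restore-point copy, a temp-folder file or a live file, which is the distinction a helper reads off the report before deciding what still matters. The sample report is constructed, with `{GUID}` standing in for the restore-point identifier.

```python
"""Summarise an ewido-style scan report by where each hit lives.

Hits under System Volume Information are copies kept inside System Restore
points, and hits in Temp folders are disposable; the remaining "live" hits
show what is actually installed on the machine."""
import re
from collections import Counter

# "<path> -> <detection name> : <action taken>"
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>.+?) : (?P<action>.+)$")


def classify(path: str) -> str:
    """Bucket a reported path as 'restore-point', 'temp' or 'live'."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    if "\\temp\\" in p or "\\temporary internet files\\" in p or "\\cookies\\" in p:
        return "temp"
    return "live"


def parse_report(text: str):
    """Return (hits, unparsed); each hit is a dict with path/name/action/bucket."""
    hits, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("::"):
            continue                      # blank lines and ::Report markers
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)         # e.g. "-> : Error during cleaning"
            continue
        hit = m.groupdict()
        hit["bucket"] = classify(hit["path"])
        hits.append(hit)
    return hits, unparsed


def summarise(hits):
    """Counts per bucket, families seen on live files, and anything not cleaned."""
    return {
        "by_bucket": Counter(h["bucket"] for h in hits),
        "live_families": Counter(h["name"] for h in hits if h["bucket"] == "live"),
        "not_cleaned": [h["path"] for h in hits if not h["action"].startswith("Cleaned")],
    }


# Constructed sample modelled on the report lines posted in the thread
# ({GUID} stands in for the restore-point identifier).
SAMPLE_REPORT = r"""
C:\Program Files\Homepage\WinPage.dll -> Spyware.MetaDirect : Cleaned with backup
C:\System Volume Information\_restore{GUID}\RP611\A0079499.exe -> Downloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{GUID}\RP613\A0079607.exe -> Worm.Kindal : Cleaned with backup
C:\WINDOWS\goflfswoit.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Temp\i300.tmp -> Downloader.Small.id : Cleaned with backup
-> : Error during cleaning
::Report End
"""

if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    print(summarise(found), "unparsed:", bad)
```

Restore-point hits reappear until System Restore is flushed, which is why a cleaned report can still look long on a second pass.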
Budfred
01-22-2006, 03:28 AM
We need a fresh HJT log to see what is left...
Since most of that was cookies and Temporary folders, it may also be a good idea to clean those out... Use CCleaner to clear out temp folders...
http://www.ccleaner.com/
After that, reboot and post the fresh HJT log...
Puter Padowan
01-22-2006, 11:55 AM
Logfile of HijackThis v1.99.1
Scan saved at 10:53:45 AM, on 1/22/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Owner.ENTERTAINER\Desktop\HJT LOG\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsearchbar.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [dkgfse] C:\WINDOWS\System32\wcbgjyd.exe r
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0033.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kontiki.com/securedelivery/main/kdx.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Budfred
01-22-2006, 02:07 PM
You still have quite a mess there...
Download CleanUp (http://www.stevengould.org/software/cleanup/download.html)
Install the program, but don't run it yet; we will later.
Please download this file: Nailfix Utility (http://www.noidea.us/easyfile/file.php?download=20050711214630636)
Save it to your desktop.
DO NOT run it yet.
Download dsrfix.zip (http://www.atribune.org/downloads/dsrfix.zip)
Save it to your desktop.
Unzip dsrfix.zip and extract it to your desktop.
This will create a new folder on your desktop named dsrfix.
Do Not open that folder yet.
Please download APT (http://www.diamondcs.com.au/index.php?page=apt) and unzip the contents to a new folder on your desktop.
Open the folder you just created and click on apt.exe and search in the window for wcbgjyd.exe.
Open your C:\Windows\system32 folder and search for wcbgjyd.exe.
Don't delete it yet, just leave the system32 folder open so you can see the bad file.
In APT again, select wcbgjyd.exe and click Kill3.
Then immediately delete wcbgjyd.exe from your system32 folder.
Close APT.
Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
Just before the Windows icon appears, press the F8 key.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
Now open ewido and do a scan of your system.
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Now scan with HJT and place a checkmark next to each of the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsearchbar.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [dkgfse] C:\WINDOWS\System32\wcbgjyd.exe r
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0033.exe
Close all open windows except for HJT, then click the Fix Checked button. Close HJT.
Now open the folder dsrfix on your desktop.
Double-Click on dsrfix.bat
A window will pop up briefly and then close; this is normal.
Enable show hidden files and folders:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK
Now using Windows Explorer find and remove the following folders/files if still present:
C:\WINDOWS\Nail.exe
C:\Program Files\TBONAS (Folder)
C:\WINDOWS\systask32l.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\System32\wcbgjyd.exe
Now run the CleanUp program:
*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp
Running CleanUp
Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
When CleanUp starts, go to the Options button (right side of the CleanUp screen).
Move the arrow down to "Custom CleanUp!"
Now place a checkmark next to the following (Make sure nothing else is checked!):
Delete Cookies
This is optional; if you leave the box checked it will remove all of your cookies. At this point, removing cookies is a good idea.
Empty Recycle Bins
Delete Prefetch files
Cleanup! All Users
Click OK
Then click on the CleanUp button. This will take a short while, let it do its thing.
When asked to reboot the system, select No.
Close CleanUp
Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the report log from the ewido scan, by using Post Reply.
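An added example, not from the thread and not HijackThis's own code: a small triage script that applies the same kinds of heuristics a helper uses when picking the entries to fix from a log like the one above (unknown or blank search/start-page values, an extra executable on the system.ini Shell= line, orphaned BHOs and toolbars, Run entries launching bare executables from the Windows directories, and DPF entries sourced from file:// or a raw .exe). The host and system-binary allowlists are constructed assumptions, and the sample log is built from lines of the kind posted above.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Flags the kinds of entries a helper asks to have fixed; each flag is a lead
for a human to confirm against a known-good baseline, not a verdict."""
import re
from urllib.parse import urlsplit

# Constructed allowlists for this example (HJT ships no such lists): hosts a
# start/search page may point at, and binaries that legitimately run from
# C:\WINDOWS or System32 via a Run key.
KNOWN_GOOD_HOSTS = {"www.yahoo.com", "www.google.com", "www.msn.com"}
KNOWN_SYSTEM_EXES = {"ctfmon.exe", "rundll32.exe"}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


def _exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def check_line(line: str):
    """Return a reason string if the HJT line looks suspicious, else None."""
    line = re.sub(r"\[/?url\]", "", line.strip())  # drop forum BBCode residue
    code = line.split(" - ", 1)[0]
    if code in ("R0", "R1"):
        m = re.search(r"\s=\s*(.*)$", line)
        value = m.group(1) if m else ""
        if not value:
            return "blank search/start value left behind by a hijack"
        host = urlsplit(value if "://" in value else "http://" + value).hostname
        if host not in KNOWN_GOOD_HOSTS:
            return f"search/start page points at unknown host {host}"
    elif code == "F2" and "Shell=" in line:
        if [t.lower() for t in line.split("Shell=", 1)[1].split()] != ["explorer.exe"]:
            return "Shell= launches something besides Explorer.exe"
    elif code in ("O2", "O3") and line.endswith("(file missing)"):
        return "orphaned BHO/toolbar registration (file missing)"
    elif code == "O4":
        m = re.match(r"O4 - .*?: \[[^\]]*\] (.*)$", line)
        if m:
            folder, _, name = _exe_path(m.group(1)).lower().rpartition("\\")
            if folder + "\\" in SYSTEM_DIRS and name not in KNOWN_SYSTEM_EXES:
                return f"Run entry launches {name} straight from {folder}"
    elif code == "O16":
        src = line.rsplit(" - ", 1)[-1].lower()
        if src.startswith("file:") or src.endswith(".exe"):
            return f"ActiveX (DPF) entry sourced from {src}"
    return None


def triage(log_text: str):
    """Return [(line, reason)] for every flagged line of an HJT log."""
    hits = []
    for line in log_text.splitlines():
        reason = check_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


# Constructed sample built from the kinds of lines seen in the log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dkgfse] C:\WINDOWS\System32\wcbgjyd.exe r
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - [url]http://www.alwaysupdatednews.com/install/aun_0033.exe[/url]
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
"""
```

Running `triage(SAMPLE_LOG)` flags nine of the thirteen sample lines and leaves the Yahoo start page, the Acrobat BHO, the iTunes Run entry and the iTunes DPF entry alone.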
Puter Padowan
01-22-2006, 03:20 PM
Hi Budfred
The APT application does not show the file wcbgjyd.exe, nor do I see it in the system32 folder. Is this a good thing? Or am I missing something, perhaps?
Budfred
01-22-2006, 05:45 PM
I don't know if it is good or not... Did you proceed with the rest of the fix?? If so, post the logs... If not, please do so...