Please Help.....Hijacked - Moved...
bhappy
02-16-2007, 10:02 PM
I am currently visiting my brother and his computer has been hijacked and I can't even open email. Here is the log I just ran. Any input would be great. I get like 28 pop-ups in IE without doing anything. I get messages that all this information is being retained and could ruin your marriage and your credit and identity......blah blah blah. It will only open to this URL that tells me to download all this stuff to fix the computer, and I just close everything.
Another warning when starting IE is: "WARNING: W32.my2or.fk@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer." The only URL that opens is asecuritynotice.com. If I type in yahoo and try to access my email it goes to the homepage, but then brings up a "cannot display page" and wants me to download Disk Doctor, and I just close that window.
bhappy
02-16-2007, 10:03 PM
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\issrch.exe
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\x1017.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctpmon.exe
C:\Program Files\Video ActiveX Object\pmmnt.exe
C:\WINDOWS\System32\ctpmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AntiVermeans\antivermeans.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lang=0&prtr=4136001&ctry=00000409&os=5&src=1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [syswin] C:\DOCUME~1\Owner\LOCALS~1\Temp\x1017.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [AntiVermeans] C:\Program Files\AntiVermeans\AntiVermeans.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Startup: Ad-watch 3.lnk = C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://hsmail8.ucdmc.ucdavis.edu/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162694955393
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\syste8v.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
bhappy
02-16-2007, 10:04 PM
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\System32\vblhanf.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Owner\~tmp0374.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
classicsoftware
02-16-2007, 10:10 PM
You have a real mess here. Please post the entire Hijackthis log including the header.
bhappy
02-16-2007, 10:20 PM
Logfile of HijackThis v1.99.1
Scan saved at 5:50:06 PM, on 2/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
I have actually posted everything above, I just had to do it in two posts since the file was so large. This was the header.
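A way to read a log like the one above systematically, added here as an example for this thread (it is not HijackThis code and not anything a poster wrote): the red-flag rules are the editor's own heuristics for the entry types that stand out in the posted log (a second executable chained to UserInit, an unnamed BHO backed by a real DLL, autoruns launched from Temp or by bare filename, one unknown LSP DLL chained many times, an AppInit_DLLs entry, a Winlogon Notify entry whose file is missing, and a service with no publisher running from a user profile). The sample input is a dozen lines copied from the log posted above, mixed with legitimate Symantec and Java entries so the rules have something to leave alone.

```python
"""Triage of a HijackThis-style log.

Added example for this thread, not code from HijackThis or any poster: the
rules below are the editor's own red-flag heuristics for the entry types
(F2, O2, O4, O10, O20, O23) that stand out in the log above, not a vendor
signature set.
"""
import re
from collections import Counter

# Constructed sample: a dozen lines copied from the log posted above,
# mixing legitimate entries (Symantec, Java) with the suspicious ones.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [syswin] C:\DOCUME~1\Owner\LOCALS~1\Temp\x1017.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\syste8v.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Owner\~tmp0374.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


def find_suspicious(log_text):
    """Return a list of (reason, line) pairs for entries matching a heuristic.

    Repeated O10 entries are reported once, with their count, because one
    LSP DLL chained many times is exactly the pattern in the posted log.
    """
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    lsp_count = Counter(l for l in lines if l.startswith("O10 - "))
    seen_lsp = set()
    findings = []
    for line in lines:
        kind = line.split(" - ", 1)[0]
        if kind == "F2" and "UserInit=" in line:
            # UserInit should name userinit.exe alone; a second path is an extra loader.
            exes = [p for p in line.split("=", 1)[1].split(",") if p.strip()]
            if len(exes) > 1:
                findings.append(("extra executable chained to UserInit", line))
        elif kind == "O2" and "(no name)" in line and "(no file)" not in line:
            findings.append(("unnamed BHO backed by a real DLL", line))
        elif kind == "O4" and re.search(r"\\Temp\\[^\\]+\.exe", line, re.I):
            findings.append(("autorun entry launching from a Temp directory", line))
        elif kind == "O4" and re.search(r'\] [^\\"]+\.exe$', line):
            findings.append(("autorun entry with a bare filename and no path", line))
        elif kind == "O10":
            if line not in seen_lsp:
                seen_lsp.add(line)
                findings.append((f"unknown Winsock LSP, chained {lsp_count[line]} times", line))
        elif kind == "O20" and "AppInit_DLLs" in line:
            findings.append(("DLL loaded into every process via AppInit_DLLs", line))
        elif kind == "O20" and "Winlogon Notify" in line and "(file missing)" in line:
            findings.append(("Winlogon Notify entry pointing at a missing file", line))
        elif kind == "O23" and "Unknown owner" in line:
            findings.append(("service with no publisher", line))
        elif kind == "O23" and re.search(r"\\Documents and Settings\\", line, re.I):
            findings.append(("service running from a user profile directory", line))
    return findings


if __name__ == "__main__":
    for reason, line in find_suspicious(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the full log it would also flag the other Temp and profile-path entries (x1017.exe, ~tmp0374.exe, partnership.dll) for the same reasons; the point is that none of these rules needs a signature, only a view of where a component lives and who vouches for it.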
classicsoftware
02-17-2007, 08:43 AM
Let's start with these two scans:
First:
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Next:
Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
In Safe Mode, load Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Post back with the:
Smitfraud Log
The Ewido (AVG Anti-Spyware) Report
A new HJT log
Laguna
02-17-2007, 10:11 AM
Ouch, Smitfraud and ctpmon, that's nasty. I would say there are quite a few pop-ups asking to download rogues. Anyway, good luck with the clean-up, guys; I had to clean up a machine with a similar infestation a few weeks ago, so I know you'll need it.
bhappy
02-17-2007, 02:45 PM
Thanks for your time and the info. I'm having a problem getting the file to open. I click on your link and my computer just sits here. I also ran lavasoft and rebooted and still no luck. I'm going to let it sit to see if it will just take time to open. I keep getting these annoying popups while I'm doing this. I will keep you posted.
bhappy
02-17-2007, 02:50 PM
I cannot access this file. I even tried to route through yahoo and do a search, and I keep getting this message:
The page you are looking for is probably blocked by adware/spyware on your PC. Remove it with System Doctor software. CLICK HERE.
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
--------------------------------------------------------------------------------
Please try the following:
Install System Doctor software to clean your PC.
If you typed the page address in the Address bar, make sure that it is spelled correctly.
To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP).
See if your Internet connection settings are being detected. You can set Microsoft Windows to examine your network and automatically discover network connection settings (if your network administrator has enabled this setting).
Click the Tools menu, and then click Internet Options.
On the Connections tab, click LAN Settings.
Select Automatically detect settings, and then click OK.
Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed.
If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0.
Visit System Doctor website to delete spyware and adware software.
Cannot find server or DNS Error
Internet Explorer
bhappy
02-17-2007, 04:08 PM
http://ie404error.com/
This is what my URL is going to once I click on the link you posted above. I think we have a real mess. Can you answer this: has all my brother's information (bank cards, passwords, taxes, etc.) been captured, so that he needs to cancel everything from this point? That is what someone else is telling me and I have not a clue!
Budfred
02-17-2007, 05:59 PM
System Doctor is an infection... Whatever you do, do NOT click on anything associated with it...
Did you try downloading Ewido?? Please be clear about what you have or haven't done... It is not clear what "that file" means...
If you can't download either of them, use this:
Download the Hoster Here (http://www.funkytoad.com/download/hoster.zip) and unzip it to your desktop.
Next, open the Hoster
Make sure that the "make hosts writable?" button in the upper right corner is checked
Now, click on 'back up Host files'
then click on 'Restore original host files'
Finally, close the hoster
It may have a new name now, but use it anyway... Then try your downloads again...
Edit: Yes, your brother's personal information may have been stolen and it would be a good idea to change account numbers and passwords... DO NOT do any financial transactions on this computer at this point... Do it by phone...
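The Hoster step above restores the hosts file because a rewritten hosts file is one way a machine ends up unable to reach security vendors' sites. The script below is an added example for this thread, not the Hoster tool and not anything a poster wrote: it reads a hosts file and reports every mapping beyond the stock localhost lines, without changing anything. The sample content is constructed; www.ewido.net is taken from the download link in this thread, download.example.com and the 192.0.2.10 address (RFC 5737 documentation range) are made up for the illustration, and the Windows hosts path is the standard default location.

```python
"""Audit a Windows hosts file for entries beyond the stock localhost mapping.

Added example for this thread, not the Hoster tool linked in the post above:
it only reports what it finds and writes nothing. The sample hosts content is
constructed; the two non-stock entries are made-up illustrations and the
192.0.2.0/24 address is the RFC 5737 documentation range.
"""
import ipaddress

# Standard location of the hosts file on Windows (assumed default path).
HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Constructed sample: stock header, stock loopback lines, two added entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.ewido.net            # blackholed: the update site simply fails
192.0.2.10      download.example.com     # redirected: resolves to a third party
"""

# The only mappings a shipped Windows hosts file contains.
STOCK = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping, comments stripped.

    A line whose first field is not an IP address is yielded with ip=None so
    the caller can report it instead of silently skipping it.
    """
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            yield no, None, body
            continue
        for name in fields[1:]:
            yield no, ip, name.lower()


def audit_hosts(text):
    """Return every non-stock mapping with a short reason.

    A vendor's host pointed at loopback quietly blocks that vendor's updates
    and downloads; a host pointed at a non-local address sends the traffic
    wherever the entry says, which is what a redirect to a rogue site looks
    like from the hosts file's side.
    """
    findings = []
    for no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append({"line": no, "host": name, "ip": None,
                             "reason": "unparseable entry"})
        elif (ip, name) in STOCK:
            continue
        elif ipaddress.ip_address(ip).is_loopback:
            findings.append({"line": no, "host": name, "ip": ip,
                             "reason": "blackholed to loopback"})
        else:
            findings.append({"line": no, "host": name, "ip": ip,
                             "reason": "redirected to non-local address"})
    return findings


def audit_file(path=HOSTS_PATH):
    """Audit the live hosts file; errors='replace' tolerates stray bytes."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>3}: {f['host']:<25} -> {f['ip']}  [{f['reason']}]")
```

On a home PC the expected output of `audit_file()` is an empty list; anything else is worth reading before the restore step, because a hosts file that blackholes update servers explains exactly the "cannot connect to update server" symptom reported later in this thread.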
bhappy
02-17-2007, 10:27 PM
Sorry, I meant "this file" as the first file I was to download. I cannot access Ewido either. I also tried the Hoster and was able to click on make hosts writable, but I could not click on anything else, the buttons are not shadowed out, it just doesn't do anything :(
bhappy
02-17-2007, 10:30 PM
I am in a real mess here and, being that I work in Pediatric Oncology, this is not my area of expertise. Would it be best to take it in to Best Buy and let them figure all this out? Gotta love a brother who looks at free porn; I hope he has learned a lesson.
bhappy
02-17-2007, 10:42 PM
I also know that I hit "create back up" while the button said read only, as I was looking for a check mark and realized I had to just click on the button to make it read writable. I think I'm doing further damage.....eeeek
classicsoftware
02-17-2007, 11:00 PM
Go back and do it again, following the steps Budfred outlined. Alternately, you could download the programs on a clean PC and burn them to a CD.
Let us know if you want to go that route.
bhappy
02-18-2007, 12:33 AM
SmitFraudFix v2.142
Fichier Process.exe absent !
Dezippez la totalité de l'archive dans un dossier.
Process.exe file missing !
Unzip all the archive in a folder.
Press any key to continue . . .
bhappy
02-18-2007, 12:46 AM
I was able to load this file into a folder on my desktop. When I clicked on the manual update bar I got this message: "ERROR. FAIL TO CONNECT TO SERVER UPDATE.EWIDO.NET" ;(
bhappy
02-18-2007, 02:17 AM
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:06:22 PM 2/17/2007
+ Scan result:
C:\Program Files\Safety Bar -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Safety Bar\SafetyBar.dll -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Safety Bar\Uninstall.bat -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-3460825811-759400793-2330270419-1003\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F85E50F6-23AA-4ADC-862E-3E5F25DFB1DC}\RP408\A0033275.EXE -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
bhappy
02-18-2007, 02:18 AM
:mozilla.214:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.673:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.696:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.715:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.944:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.298:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.299:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.300:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.301:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.302:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.304:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.528:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.567:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.568:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.569:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.570:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.602:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.646:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.919:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.958:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.959:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.960:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.961:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.962:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.325:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.326:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.327:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.820:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.821:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.822:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.978:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.980:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.964:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.966:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.935:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.951:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt ->
bhappy
02-18-2007, 02:20 AM
Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.886:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.380:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stats2.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.459:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.837:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.838:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.839:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.842:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.843:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.844:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.845:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.846:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.847:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.854:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.855:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.856:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.862:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.334:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.336:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.337:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.338:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.887:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.212:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.385:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.386:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.387:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.388:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.389:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.967:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.424:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.425:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.426:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.427:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.428:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.429:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.430:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.431:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cooki es.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.432:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cooki es.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cooki es.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cooki es.txt -> TrackingCookie.Tribalfusion : Cleaned.
bhappy
02-18-2007, 02:21 AM
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Xxxcounter : Cleaned.
:mozilla.889:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.890:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.891:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\5mq4b3ei.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{F85E50F6-23AA-4ADC-862E-3E5F25DFB1DC}\RP409\A0033452.dll -> Trojan.Agent.rx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntoskrnl.dll -> Trojan.Agent.rx : Cleaned with backup (quarantined).
C:\Cvjime.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\Gehm.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\Onpslrm.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\Taesoawl.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F85E50F6-23AA-4ADC-862E-3E5F25DFB1DC}\RP406\A0033193.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F85E50F6-23AA-4ADC-862E-3E5F25DFB1DC}\RP408\A0033276.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F85E50F6-23AA-4ADC-862E-3E5F25DFB1DC}\RP408\A0033277.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Shared\Little River Band-Greatest Hits.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
::Report end
bhappy
02-18-2007, 02:23 AM
Logfile of HijackThis v1.99.1
Scan saved at 10:12:15 PM, on 2/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\issrch.exe
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\x1017.exe
C:\WINDOWS\System32\ntsystem.exe
C:\Program Files\AntiVermeans\AntiVermeans.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctpmon.exe
C:\Program Files\Video ActiveX Object\pmmnt.exe
C:\WINDOWS\System32\ctpmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lang=0&prtr=4136001&ctry=00000409&os=5&src=1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [syswin] C:\DOCUME~1\Owner\LOCALS~1\Temp\x1017.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
bhappy
02-18-2007, 02:23 AM
O4 - HKLM\..\Run: [AntiVermeans] C:\Program Files\AntiVermeans\AntiVermeans.exe /h
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Startup: Ad-watch 3.lnk = C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://hsmail8.ucdmc.ucdavis.edu/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162694955393
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://cdn.messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\syste8v.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\System32\vblhanf.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Owner\~tmp0374.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
classicsoftware
02-18-2007, 08:43 AM
Load HijackThis and place a check next to:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [syswin] C:\DOCUME~1\Owner\LOCALS~1\Temp\x1017.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [AntiVermeans] C:\Program Files\AntiVermeans\AntiVermeans.exe /h
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: C:\WINDOWS\System32\syste8v.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\System32\vblhanf.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
Close all programs and browser windows except for HJT and click Fix checked.
Reboot into Safe Mode and re-run SmitfraudFix.
Boot back into Normal Mode and post a fresh HJT log and the SmitfraudFix log.
I realize some of this may come back even if we remove it via HJT, but we may knock it down enough to allow the tools to work. It also may be worthwhile to wipe this drive and reinstall Windows.
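The reply above picks its fix list by hand from the HijackThis log posted earlier in the thread. The script below, added here as an editorial example (it is not HijackThis code and not anything a participant in this thread posted), does the same triage mechanically: it parses each HJT line by section code and rates it by the persistence mechanism it represents. The sample input is a selection of lines copied from the posted log; the severity rules (which locations count as user-writable, which section codes are inherently high-risk, the `INFO`/`LOW`/`MEDIUM`/`HIGH` scale) are the editor's own heuristics and should be read as assumptions, not as anything HijackThis itself computes.

```python
"""Triage a HijackThis (v1.99) log by the persistence mechanism each entry
uses.  Added example for this thread; it is not HijackThis code and not the
procedure any reply above describes.  The severity rules are the editor's own
heuristics (assumptions), not anything HijackThis itself computes."""
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [syswin] C:\DOCUME~1\Owner\LOCALS~1\Temp\x1017.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\syste8v.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\System32\vblhanf.dll
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Owner\~tmp0374.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O4"
    severity: str  # HIGH, MEDIUM, LOW or INFO
    reason: str
    line: str


# Heuristic (assumption): locations a logon-time loader should not run from.
USER_WRITABLE = re.compile(r"\\Temp\\|\\Documents and Settings\\|DOCUME~1|LOCALS~1", re.I)
MISSING = re.compile(r"\(no file\)|\(file missing\)", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\WINDOWS\\SYSTEM32\\", re.I)
SEVERITY_RANK = {"INFO": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}


def _path_of(rest: str) -> str:
    """HJT puts the file path in the last ' - '-separated field."""
    return rest.rsplit(" - ", 1)[-1].strip()


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT log line, or None if nothing stands out."""
    line = line.strip()
    m = re.match(r"^(F\d|O\d+) - (.*)$", line)
    if not m:
        return None
    sec, rest = m.group(1), m.group(2)

    if sec == "F2" and "UserInit=" in rest:
        # Winlogon launches every comma-separated entry here at logon;
        # only userinit.exe belongs in the value.
        entries = [e.strip() for e in rest.split("UserInit=", 1)[1].split(",") if e.strip()]
        extra = [e for e in entries if not e.lower().endswith("userinit.exe")]
        if extra:
            return Finding(sec, "HIGH", "extra logon executable in UserInit: " + ", ".join(extra), line)
        return None

    if sec in ("O2", "O3", "O21"):
        if MISSING.search(rest):
            return Finding(sec, "LOW", "orphaned COM registration, file absent", line)
        if sec == "O21":
            return Finding(sec, "HIGH", "ShellServiceObjectDelayLoad DLL loads into explorer.exe at logon", line)
        if "(no name)" in rest:
            return Finding(sec, "MEDIUM", "unnamed browser extension", line)
        return None

    if sec == "O4":
        pm = re.match(r".*\[[^\]]+\]\s*(?P<cmd>.*)$", rest)
        cmd = pm.group("cmd").strip('"') if pm else rest
        if USER_WRITABLE.search(cmd):
            return Finding(sec, "HIGH", "autorun from a user-writable location", line)
        if "\\" not in cmd:
            return Finding(sec, "MEDIUM", "autorun by bare filename, resolved by PATH search", line)
        return None

    if sec == "O10":
        return Finding(sec, "HIGH", "unknown Winsock LSP sees every socket call; remove with an LSP-aware tool", line)

    if sec == "O20":
        if rest.startswith("AppInit_DLLs:"):
            return Finding(sec, "HIGH", "AppInit_DLLs is injected into every process that loads user32.dll", line)
        if rest.startswith("Winlogon Notify:"):
            if not SYSTEM32.match(_path_of(rest)):
                return Finding(sec, "HIGH", "Winlogon Notify DLL outside System32", line)
            return Finding(sec, "INFO", "Winlogon Notify DLL in System32; verify the publisher", line)
        return None

    if sec == "O23":
        if "Unknown owner" in rest or USER_WRITABLE.search(_path_of(rest)):
            return Finding(sec, "HIGH", "service with no publisher or running from a user profile", line)
        return None

    return None


def triage(log_text: str) -> list:
    """All findings for a log, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f is not None]


def fix_list(log_text: str, minimum: str = "MEDIUM") -> list:
    """Lines worth ticking in HJT: those at or above the given severity."""
    return [f.line for f in triage(log_text) if SEVERITY_RANK[f.severity] >= SEVERITY_RANK[minimum]]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:<6} {f.section:<3} {f.reason}")
        print(f"       {f.line}")
```

Run against the sample, `fix_list()` returns the UserInit hijack, the two autoruns (one from Temp, one by bare filename), the unknown LSP, the AppInit_DLLs entry, the Winlogon Notify DLL under All Users\Documents, the SSODL entry, the unnamed BHO and the unknown-owner service, while leaving the Acrobat BHO, ccApp and LiveUpdate alone; the Intel `igfxcui` notify DLL is reported as `INFO` only because its path says nothing either way. Two caveats a practitioner would add. First, HijackThis's own O10 fix edits the Winsock catalog directly and can leave the LSP chain broken (no networking), which is why the usual advice in 2007 was a dedicated LSP tool such as LSPFix; `netsh winsock reset` is only available from XP SP2, and the log shows this machine on SP1. Second, the Ewido report flagged `C:\WINDOWS\system32\ntoskrnl.dll`: the Windows kernel is `ntoskrnl.exe`, and no Windows component ships as `ntoskrnl.dll`, so that entry is a dropped file with a look-alike name, not a damaged system file. With a UserInit hook, an AppInit_DLLs injector, a Winlogon Notify DLL and an LSP all present, every one of these loaders runs before or alongside the user's shell, which is the technical reason the reply above expects entries to return and mentions a wipe and reinstall.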
bhappy
02-18-2007, 04:00 PM
I can't run SmitfraudFix... see the message I'm getting above. Those messages above with reports are from Ewido and HijackThis ;(. I will do this. Thank you so much for your time.
Budfred
02-18-2007, 04:14 PM
SmitfraudFix is a zip file, you need to unzip it to run it... Right click on it and select the option to Extract it... Extract to your Desktop...
classicsoftware
02-18-2007, 10:18 PM
Did you get the message after you fixed what I said?
You must do what is instructed in the order it was instructed. Even if SmitfraudFix did not work, where is a new HJT log?