Worm problem ..

[dherzog]

Jars :: I did everything on the list so far - here is the new hijack this and edwino file ::


Logfile of HijackThis v1.99.1
Scan saved at 6:36:37 PM, on 6/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1146200731\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\p2pnetworking.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\taskmgr.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\msconfig.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,glwxlcc.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146200731\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: msconfig.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\svchost.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

....

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:30:19 PM, 6/7/2006
+ Report-Checksum: EE8838FC

+ Scan result:

C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\Catcher.dll -> Adware.Maxifiles : Cleaned with backup
C:\WINDOWS\system32\rwinoqez.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\pndsregr.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\w002ada2.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\ZICORN003.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup
C:\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup


::Report End

 

[Buzz1927]

That doesn't seem to have worked.

Save these instructions in Notepad for use in safemode later.

Please download the
Killbox.
Unzip it to the desktop but do NOT run it yet.

Please download Brute Force Uninstaller to your desktop. (rightclick on this link and choose save as, if using IE save target as)

• Right click the BFU folder on your desktop, and choose Extract All
• Click "Next"
• In the box to choose where to extract the files to,
• Click "Browse"
• Click on the + sign next to "My Computer"
• Click on "Local Disk (C or whatever your primary drive is
• Click "Make New Folder"
• Type in BFU
• Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
• Download qoofix.bat (rightclick on this link and choose save as, if using IE save target as)
• Place qoofix.bat in your C:\BFU - folder. (Important!)
• Doubleclick qooFix.bat, Close all browsers and explorer folders.
• Choose option 1 (Qoolfix autofix) and follow the prompts.
• Please be patient, it will take about five minutes.
• As the computer is restarting, tap f8, a menu should appear, select "safemode".
  
  Once in Safe Mode:
  
  Run Hijackthis and select "Do a system scan only", place a check by the following entries.
  
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,glwxlcc. exe
  O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing)
  O4 - HKLM\..\Run: [defender] C:\\defender25.exe
  O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
  O4 - HKLM\..\Run: [newname] C:\\newname25.exe
  O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
  O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
  O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
  O4 - Global Startup: taskmgr.exe
  O4 - Global Startup: msconfig.exe
  O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
  O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
  O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll
  O20 - AppInit_DLLs: C:\WINDOWS\System32\svchost.dll
  
  Close all open windows and browsers, and hit "Fix Checked".
  
  Then run Killbox.
  Select "Delete on Reboot".
  Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
  
  C:\WINDOWS\System32\p2pnetworking.exe
  C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\taskmgr.exe
  C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\msconfig.exe
  C:\\defender25.exe
  C:\\keyboard25.exe
  C:\\newname25.exe
  C:\WINDOWS\system32\dwdsregt.exe
  C:\WINDOWS\System32\x3cqp0.dll
  C:\WINDOWS\System32\svchost.dll
  
  Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  
  Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
  
  Then restart the computer.
  
• After the PC has restarted please post another hijackthis log.

 

[dherzog]

Logfile of HijackThis v1.99.1
Scan saved at 4:33:25 PM, on 6/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1146200731\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\program files\common files\aol\1146200731\ee\aim6.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146200731\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


how is that? i didnt really understand that bfu thing .. it wouldnt let me double click the qoofix. i did everything else though and have both of those downloaded if there is something i need to do.. thank you!

 

[Jars]

ERr. I wanted to get my hands on those Files. But o well. It seems he was infected with a new varient of Alcra.

 

[dherzog]

well i still have a worm - ad.aware picks it up and deletes it but it keeps coming back.

 

[Jars]

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

 

[leeroyMarv]

I don't know that much about them seeing as how ive never gotten a worn but they are basically one of the worst things possible. They go in and out of files and once your computer has been infected it can create backdoors in prgrams and hide and stuff. So i wouldnt expect adaware to fix the problem as the worm will simply duplicate and hide. Reformatting shouldn't be done until no other options are availible. But it is likely that the worm will just keep going in and out of programs sending useless stuff to you, and possibly using your computer as a spammer. Wish i knew more so i could help properly.

 

[dherzog]

Incident Status Location

Adware:adware/dollarrevenue Not disinfected c:\windows\newname.dat
Adware:adware/maxifiles Not disinfected c:\program files\common files\InetGet
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Phillip Davis\Cookies\phillip davis@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Phillip Davis\Cookies\phillip davis@go[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Phillip Davis\Cookies\phillip davis@atwola[3].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Phillip Davis\Cookies\phillip davis@rightmedia[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Teresa\Cookies\teresa@smni[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Teresa\Cookies\teresa@atwola[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Teresa\Cookies\[email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Teresa\Cookies\teresa@offeroptimizer[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Teresa\Cookies\teresa@atwola[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Teresa\Cookies\teresa@atwola[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Teresa\Cookies\teresa@go[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dani\Cookies\dani@go[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Dani\Cookies\dani@rn11[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dani\Cookies\dani@webpower[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Dani\Cookies\[email protected][1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Dani\Cookies\dani@smni[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Dani\Cookies\dani@offeroptimizer[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Dani\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Dani\Cookies\dani@rn11[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dani\Cookies\dani@go[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@tribalfusion[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@doubleclick[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip [email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@tradedoubler[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@atdmt[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip [email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@questionmarket[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@mediaplex[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@adrevolver[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@trafficmp[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@adrevolver[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip [email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@realmedia[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@hitbox[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@advertising[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@serving-sys[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@casalemedia[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@fortunecity[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\phillip davis.PHIL-8U07Y3QDYD\Cookies\phillip davis@fastclick[1].txt
Virus:Trojan Horse Disinfected C:\Program Files\Norton AntiVirus\Quarantine\13D15BB1.class
Virus:W32/Sdbot.HLL.worm Disinfected C:\Program Files\HijackThis\backups\backup-20060608-162626-654-taskmgr.exe
Virus:W32/Sdbot.HLL.worm Disinfected C:\Program Files\HijackThis\backups\backup-20060608-162627-783-msconfig.exe
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0e4c486.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0f7f811.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w131cc2b.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w144f8fc.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0378c0e.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w04ab2bb.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w05dd8f9.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0713963.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0846092.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w097873f.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0aad55a.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0bdfd97.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0d12408.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w10b2c47.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w11e86f1.dll
Adware:Adware/FCHelp Not disinfected C:\WINDOWS\srvasqlmjt.exe[PECarlin.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\WINDOWS\Setup.exe
It said all of the viruses were disinfected but none of the adware. Thank you all so much for all your help. Any other ideas? Or is it pretty much as good as it's going to get?