Intermittent internet and other stuff!

Post by Grezza » November 8th, 2006, 10:38 am

Thanks again for all your help,
G.

SDFix: Version 1.36
-------------------

Scan run on:
08/11/2006

Time:
14:30

Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Administrator\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----
Microsoft Windows Scheduled Tasker

Path:
----
"C:\WINDOWS\eiRecvr.exe"

Microsoft Windows Scheduled Tasker Deleted...

Repairing Registry...


Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINDOWS\Prefetch\ERASEME_45282.EXE-1BFFB379.pf
C:\WINDOWS\atapid.exe

Backing Up and Removing any Files Found...

Final Check:

Services:
---------


Files:
------


Any files removed are saved to the SDFix\backups Folder

FINISHED


C:\WINDOWS\notepad.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kristi123.spaces.live.com//Photo ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McRedirector - Unknown owner - (no file)
O23 - Service: McShield - Unknown owner - (no file)
O23 - Service: Extended Windows Security (Microsoft Extended Windows Security) - Unknown owner - C:\WINDOWS\elRecvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Grezza
Regular Member
 
Posts: 82
Joined: November 3rd, 2006, 4:19 pm

Post by Trogan » November 9th, 2006, 2:47 pm

Hi Grezza! Sorry for the delay. It looks like the infection you had (IRCBot) has morphed, so SDFix may need to be updated again. I'll post some instructions soon.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by Grezza » November 9th, 2006, 2:53 pm

OK, cheers.
Grezza
Regular Member
 
Posts: 82
Joined: November 3rd, 2006, 4:19 pm

Post by Trogan » November 9th, 2006, 4:07 pm

Hi Grezza! We need to get another file uploaded so SDFix can be updated.

Please run SFP.exe.

Copy the following line into the Step 1: Paste Text window:

C:\WINDOWS\elRecvr.exe

then click "Continue".

This will create a .cab file on your desktop named requested-files[Date/Time].cab

Next please visit SpyKillers forum here

http://www.thespykiller.co.uk/forum/index.php?board=1.0

Read the instructions for uploading files, which is the first topic on the forum, then start a new topic named 'IRCbot files for AndyManchesta'. Please then post a link to this thread and upload the requested files.cab archive from your desktop.

Let me know when that is done.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by Grezza » November 9th, 2006, 4:14 pm

Done it, hopefully!

Grezza
Grezza
Regular Member
 
Posts: 82
Joined: November 3rd, 2006, 4:19 pm

Post by Trogan » November 9th, 2006, 6:56 pm

Thank you for doing that. Once SDFix is updated, we will need to run it again.

Also, I must stress again that you should try and keep the computer offline as much as possible due to the nature of the infection.

Thanks! :)
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by Grezza » November 10th, 2006, 4:01 am

Trogan, I'm doing my best to follow your instructions faithfully.
I've gone online as part of these instructions when required.
The only other time was to get song titles via Apple's Gracenote database, but didn't open IE.
If I don't actually open IE or OE am I still vulnerable?
Cheers,
Grezza.
Grezza
Regular Member
 
Posts: 82
Joined: November 3rd, 2006, 4:19 pm

Post by Trogan » November 10th, 2006, 5:33 am

I appreciate your efforts and thanks for sticking with me while we try to get tools updated to clean your PC.

If you don't actually open IE, then you should be fine. Also, as you may know, IE is not the safest browser, as that is where the majority of infections sneak past. I suggest you download and try Mozilla Firefox, which is a safer alternative to IE.

If you download Firefox, I would still be cautious about going on the internet.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by Trogan » November 11th, 2006, 12:08 pm

Just an update:

Still waiting for SDFix to be updated. Not sure how long it will take.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by Grezza » November 14th, 2006, 5:23 am

Hi,

Any news?

G.
Grezza
Regular Member
 
Posts: 82
Joined: November 3rd, 2006, 4:19 pm

Post by Trogan » November 14th, 2006, 11:20 am

Hi Grezza! Sorry for the wait.

Delete the current SDFix you have and follow the instructions below please:
_______________

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by Grezza » November 14th, 2006, 11:38 am

Fingers crossed!!

SDFix: Version 1.37
-------------------

Scan run on:
14/11/2006

Time:
15:31

Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Administrator\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----
Microsoft Extended Windows Security

Path:
----
"C:\WINDOWS\elRecvr.exe"

Microsoft Extended Windows Security Deleted...

Repairing Registry...


Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINDOWS\elRecvr.exe

Backing Up and Removing any Files Found...

Final Check:

Services:
---------



Files:
------


Any files removed are saved to the SDFix\backups Folder

FINISHED


Logfile of HijackThis v1.99.1
Scan saved at 15:36:46, on 14/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kristi123.spaces.live.com//Photo ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McRedirector - Unknown owner - (no file)
O23 - Service: McShield - Unknown owner - (no file)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Grezza
Regular Member
 
Posts: 82
Joined: November 3rd, 2006, 4:19 pm

Post by Trogan » November 14th, 2006, 11:59 am

That worked! :D Good job! :)

We are going to run some scans to make sure that no malware is lurking around.
_________________

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.
@echo off
sc stop McRedirector
sc delete McRedirector
sc stop McShield
sc delete McShield
exit

Double click FixServices.bat. A window will open and close. This is normal.
_________________

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program
_________________

You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode
_________________

Please do an online scan with Panda ActiveScan

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
_________________

Please post the following:

1) AVG anti-spyware log
2) Panda report
3) New HijackThis log
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
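
An added example, not part of the thread and not code from SDFix or HijackThis: SDFix 1.36 deleted the service "Microsoft Windows Scheduled Tasker" (eiRecvr.exe), the following HijackThis log lists "Microsoft Extended Windows Security" (elRecvr.exe), and the post above then deletes the McRedirector and McShield entries that point at no file. The sketch below triages HijackThis O23 lines by those traits rather than by filename; the `parse_o23` and `triage` helpers, their rules, the C:\WINDOWS system root and the first sample line (constructed from the SDFix 1.36 report values) are assumptions.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input. The first line is constructed from the service name and path
# in the SDFix 1.36 report; the others are O23 lines from the HijackThis log
# posted on November 8th.
SAMPLE_LOG = r"""
O23 - Service: Microsoft Windows Scheduled Tasker - Unknown owner - C:\WINDOWS\eiRecvr.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: McRedirector - Unknown owner - (no file)
O23 - Service: McShield - Unknown owner - (no file)
O23 - Service: Extended Windows Security (Microsoft Extended Windows Security) - Unknown owner - C:\WINDOWS\elRecvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

SYSTEM_ROOT = r"c:\windows"  # assumption: default Windows XP install location
PREFIX = "O23 - Service: "


class Service(NamedTuple):
    display: str  # display name shown in the services list
    name: str     # service key name (same as display when none is given)
    owner: str    # company name HijackThis read from the binary
    path: str     # binary path, or "(no file)"


# "Display Name (KeyName)": the key name is the last parenthesised group.
_LABEL = re.compile(r"^(?P<display>.*\S)\s+\((?P<name>[^()]+)\)$")


def parse_o23(line: str) -> Optional[Service]:
    """Parse one 'O23 - Service:' line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right so a ' - ' inside the display name is harmless.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = (p.strip() for p in parts)
    m = _LABEL.match(label)
    display, name = (m["display"], m["name"]) if m else (label, label)
    return Service(display, name, owner, path.strip('"'))


def reasons(svc: Service) -> List[str]:
    """Return the triage rules a service entry trips (empty list = none)."""
    if svc.path.lower() == "(no file)":
        return ["orphan registration: binary missing"]
    found = []
    no_vendor = svc.owner.lower() == "unknown owner"
    # ntpath handles Windows paths correctly on any host OS.
    if no_vendor and ntpath.dirname(svc.path).lower() == SYSTEM_ROOT:
        found.append("unattributed binary directly in the system root")
    label = f"{svc.display} {svc.name}"
    if no_vendor and re.search(r"\b(microsoft|windows)\b", label, re.I):
        found.append("Microsoft/Windows name without vendor attribution")
    return found


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every O23 entry worth a look."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        why = reasons(svc)
        if why:
            flagged.append((svc.name, why))
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(why)}")
```

Both variants trip the same two rules although their filenames and service names differ, while the ATI and SecuROM services, which also show "Unknown owner", are not flagged because their binaries sit under System32 and make no Microsoft claim.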

Post by Grezza » November 15th, 2006, 1:56 pm

Sorry about the way it's put here, but AVG wouldn't copy from notepad so I had to go via Word. Hope you can make sense of it.



AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 16:37:34 15/11/2006

 + Scan result:
C:\Program Files\Common Files\{4875D8BB-0879-1033-0422-04040623002c}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{4875D8BB-087B-1033-0422-04040623002c}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\PrintView\printhook030.dll -> Adware.PrintView : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
C:\VundoFix Backups\iyaohcmv.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bsrhtlio.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{4875D8BB-0879-1033-0422-04040623002c}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{4875D8BB-087A-1033-0422-04040623002c}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{4875D8BB-087A-1033-0422-04040623002c}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{4875D8BB-087B-1033-0422-04040623002c}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\VundoFix Backups\awtqqpp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\awtrrpq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\awtrssp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxuvut.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxvwxv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxwwwv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\cbxwuss.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\cbxyaxy.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddcawww.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddccbbx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddcdbba.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddcdebx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\efcywxw.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\fcccyvt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\gebcdba.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\gebxvtt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\gebxvwx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\iifccdb.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\iifgedd.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\iifghgf.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\khfdaxv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\khffecc.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\khfgggg.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ljjgede.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ljjkkjk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\mljijgh.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\opnnljk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\pmnkhfe.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\pmnmnkj.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\rqrpooo.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\rqrrrrp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ssqpnli.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ssqqomn.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ssqqrrq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvtust.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvutqq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvuvsr.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\tuvwuur.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\urqpnkk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\vtutusq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\wvustut.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\wvutstt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
__C_:_\_V_u_n_d_o_F_i_x_ _B_a_c_k_u_p_s_\_x_x_y_a_b_a_a_._d_l_l_._b_a_d_ _-_>_ _A_d_w_a_r_e_._V_i_r_t_u_m_o_n_d_e_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_V_u_n_d_o_F_i_x_ _B_a_c_k_u_p_s_\_x_x_y_y_x_v_u_._d_l_l_ _._b_a_d_ _-_>_ _A_d_w_a_r_e_._V_i_r_t_u_m_o_n_d_e_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_V_u_n_d_o_F_i_x_ _B_a_c_k_u_p_s_\_y_a_y_v_w_u_s_._d_l_l_._b_a_d_ _-_>_ _A_d_w_a_r_e_._V_i_r_t_u_m_o_n_d_e_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_V_u_n_d_o_F_i_x_ _B_a_c_k_u_p_s_\_y_a_y_x_v_v_t_._d_l_l_._b_a_d_ _-_>_ _A_d_w_a_r_e_._V_i_r_t_u_m_o_n_d_e_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_W_I_N_D_O_W_S_\_s_y_s_t_e_m_3_2_\_s_s_q_n_m_l_i_._d_l_l_ _-_>_ _A_d_w_a_r_e_._V_i_r_t_u_m_o_n_d_e_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_w_a_c_k_y_2_._e_x_e_/_r_m_s_y_r_u_p_._e_x_e_ _-_>_ _A_d_w_a_r_e_._V_i_r_t_u_m_o_n_d_e_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__H_K_L_M_\_S_O_F_T_W_A_R_E_\_M_i_c_r_o_s_o_f_t_\_I_n_t_e_r_n_e_t_ _E_x_p_l_o_r_e_r_\_M_a_i_n_\_i_n_s_ _-_>_ _A_d_w_a_r_e_._W_e_b_R_e_b_a_t_e_s_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_W_I_N_D_O_W_S_\_s_y_s_t_e_m_3_2_\_S_p_O_r_d_e_r_._d_l_l_ _-_>_ _A_d_w_a_r_e_._W_i_n_A_n_t_i_V_i_r_u_s_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_f_o_p_n_._s_y_s_ _-_>_ _A_d_w_a_r_e_._W_i_n_A_n_t_i_V_i_r_u_s_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_W_I_N_D_O_W_S_\_a_l_m_._e_x_e_ _-_>_ _D_o_w_n_l_o_a_d_e_r_._S_m_a_l_l_._d_u_f_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_W_I_N_D_O_W_S_\_s_y_s_t_e_m_3_2_\_c_o_n_f_i_g_\_s_y_s_t_e_m_p_r_o_f_i_l_e_\_L_o_c_a_l_ _S_e_t_t_i_n_g_s_\_T_e_m_p_o_r_a_r_y_ _I_n_t_e_r_n_e_t_ _F_i_l_e_s_\_C_o_n_t_e_n_t_._I_E_5_\_D_D_1_T_Y_A_9_I_\_a_l_m_[_1_]_._e_x_e_ _-_>_ _D_o_w_n_l_o_a_d_e_r_._S_m_a_l_l_._d_u_f_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__C_:_\_W_I_N_D_O_W_S_\_D_o_w_n_l_o_a_d_e_d_ _P_r_o_g_r_a_m_ _F_i_l_e_s_\_U_D_C_6___0_0_0_1___D_1_9_M_1_9_0_8_N_e_t_I_n_s_t_a_l_l_e_r_._e_x_e_ _-_>_ _N_o_t_-_A_-_V_i_r_u_s_._D_o_w_n_l_o_a_d_e_r_._W_i_n_3_2_._W_i_n_F_i_x_e_r_._m_ _:_ _C_l_e_a_n_e_d_ _w_i_t_h_ _b_a_c_k_u_p_ _(_q_u_a_r_a_n_t_i_n_e_d_)_._
__:_m_o_z_i_l_l_a_._1_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._1_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._1_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._1_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._3_3_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._2_o_7_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._5_7_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._5_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_b_r_i_t_e_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._3_5_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_j_u_g_g_l_e_r_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._3_5_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_j_u_g_g_l_e_r_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._2_8_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_r_e_v_o_l_v_e_r_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._2_8_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_r_e_v_o_l_v_e_r_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._2_8_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_r_e_v_o_l_v_e_r_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._6_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_r_e_v_o_l_v_e_r_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._6_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._A_d_r_e_v_o_l_v_e_r_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._1_1_8_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._C_p_v_f_e_e_d_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._1_1_9_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._C_p_v_f_e_e_d_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._1_2_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._C_p_v_f_e_e_d_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._1_2_1_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._C_p_v_f_e_e_d_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._6_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._E_u_r_o_c_l_i_c_k_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._6_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._E_u_r_o_c_l_i_c_k_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._8_0_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._F_a_l_k_a_g_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._8_1_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._F_a_l_k_a_g_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._8_2_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._F_a_l_k_a_g_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._8_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._F_a_l_k_a_g_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._4_5_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._G_o_o_g_l_e_a_d_s_e_r_v_i_c_e_s_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._4_5_5_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._G_o_o_g_l_e_a_d_s_e_r_v_i_c_e_s_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._4_5_6_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._G_o_o_g_l_e_a_d_s_e_r_v_i_c_e_s_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._5_3_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._Y_i_e_l_d_m_a_n_a_g_e_r_ _:_ _C_l_e_a_n_e_d_._
__:_m_o_z_i_l_l_a_._5_4_:_C_:_\_D_o_c_u_m_e_n_t_s_ _a_n_d_ _S_e_t_t_i_n_g_s_\_A_d_m_i_n_i_s_t_r_a_t_o_r_\_A_p_p_l_i_c_a_t_i_o_n_ _D_a_t_a_\_M_o_z_i_l_l_a_\_F_i_r_e_f_o_x_\_P_r_o_f_i_l_e_s_\_6_n_w_l_i_6_s_j_._d_e_f_a_u_l_t_\_c_o_o_k_i_e_s_._t_x_t_ _-_>_ _T_r_a_c_k_i_n_g_C_o_o_k_i_e_._Y_i_e_l_d_m_a_n_a_g_e_r_ _:_ _C_l_e_a_n_e_d_._
__
_:_:_R_e_p_o_r_t_ _e_n_d_












Incident Status Location

Adware:Adware/ActiveSearch Not disinfected C:\deskbar_e11.exe
Adware:Adware/ActiveSearch Not disinfected C:\deskbar_e15.exe
Virus:W32/Sdbot.ISK.worm Not disinfected C:\Documents and Settings\Administrator\Desktop\requested-files[2006-11-05_14_15].cab[C:\WINDOWS\atapid.exe]
Virus:W32/Sdbot.HQG.worm Not disinfected C:\Documents and Settings\Administrator\Desktop\requested-files[2006-11-09_20_10].cab[C:\WINDOWS\elRecvr.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\apps\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\apps\swsc.exe
Virus:W32/Sdbot.HQG.worm Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/elRecvr.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix.exe[SDFix\apps\swsc.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\swsc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc26.exe[SDFix\apps\Process.exe]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc26.exe[SDFix\apps\swsc.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\apps\Process.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\apps\swsc.exe
Virus:W32/SdBot.ISH.worm Disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/alg.exe]
Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/eraseme_10194.exe]
Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/eraseme_10194.exe][²ÜÇ\nsProcess.dll]
Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/eraseme_10194.exe][¦++\{²íÇ}\Update.exe]
Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/eraseme_10194.exe][¦++\{²íÇ}\services.dll]
Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/eraseme_10194.exe][888Bar.dll]
Adware:Adware/ActiveSearch Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/eraseme_10194.exe][Activate.exe]
Virus:W32/IrcBot.AGX.worm Disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/eraseme_78663.exe]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc27\SDFix\backups\backups.zip[backups/mmxonehour[1].exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc28.exe[SDFix\apps\Process.exe]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc28.exe[SDFix\apps\swsc.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc29\apps\Process.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc29\apps\swsc.exe
Virus:W32/Sdbot.ISK.worm Disinfected C:\RECYCLER\S-1-5-21-861567501-527237240-725345543-500\Dc29\backups\backups.zip[backups/atapid.exe]
Virus:W32/Sdbot.IOW.worm Disinfected C:\skanks.exe
Adware:Adware/Mytoolbar Not disinfected C:\te-110-12-0000059.exe
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\awtrrrp.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\awtuuvu.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\byxwvvs.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\ddcdaxu.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\efcaayv.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\fccbxxx.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\hggdabc.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\hggebcy.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\hgggefc.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\iiffeec.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\ljjihhe.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\mljghif.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\mljhffe.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\opnmlmn.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\opnmnll.dll.bad
Possible Virus. Not disinfected C:\VundoFix Backups\pmkjh.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\qomkhhh.dll.bad
Possible Virus. Not disinfected C:\VundoFix Backups\sstqp.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\tuvuvsq.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\urqrrpn.dll.bad
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\vjgnctpn.dll.bad
Possible Virus. Not disinfected C:\VundoFix Backups\vtsqo.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\wvussrq.dll.bad
Virus:Trj/Conhook.S Disinfected C:\VundoFix Backups\wvuvwtr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\wacked.exe[rmsyrup.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\wacky32.exe[rmsyrup.exe]
Virus:W32/Sdbot.IJN.worm Disinfected C:\WINDOWS\atapi32.exe
Dialer:Dialer.ABR Not disinfected C:\WINDOWS\Downloaded Program Files\startbf2.inf
Virus:W32/IrcBot.AGX.worm Disinfected C:\WINDOWS\netdde.exe
Virus:W32/Sdbot.IOW.worm Disinfected C:\WINDOWS\spoolersv.exe
Dialer:dialer.xd Not disinfected C:\WINDOWS\switchagreement.txt
Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\upecficg.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\x
Virus:W32/IRCBot.AHA.worm Disinfected C:\WINDOWS\tcpsvcs.exe
Adware:adware/webattaker Not disinfected C:\WINDOWS\uniq


Logfile of HijackThis v1.99.1
Scan saved at 17:55:19, on 15/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
D:\Microsoft Office\Office10\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kristi123.spaces.live.com//Photo ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McRedirector - Unknown owner - (no file)
O23 - Service: McShield - Unknown owner - (no file)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Grezza
Regular Member
 
Posts: 82
Joined: November 3rd, 2006, 4:19 pm

Post by Trogan » November 15th, 2006, 2:41 pm

Hi Grezza!

The AVG-AS report is a bit hard to read. Although I could just about make most of it, I would like to clearly see what the results are. Could you try copying and pasting the results again from Notepad please? You could try Edit > Select All and then Edit > Copy and see if that helps.
_____________________

We need to view hidden files and folders:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Next, find and delete the following in RED:

C:\WINDOWS\system32\upecficg.exe
C:\WINDOWS\switchagreement.txt
C:\WINDOWS\uniq
C:\deskbar_e11.exe
C:\deskbar_e15.exe
C:\wacked.exe
C:\wacky32.exe
C:\te-110-12-0000059.exe
C:\WINDOWS\Downloaded Program Files\startbf2.inf


You can also delete these:

SDFix
SmitfraudFix


and these .cab files we created earlier.

C:\Documents and Settings\Administrator\Desktop\requested-files[2006-11-05_14_15].cab
C:\Documents and Settings\Administrator\Desktop\requested-files[2006-11-09_20_10].cab

_____________________

Download Brute Force Uninstaller to your desktop.
  • Right click the file on your Desktop, and choose Extract All.
  • Click Next.
  • In the box to choose where to extract the files to:
  • Click Browse.
  • Click on the + sign next to My Computer
  • Click on Local Disk C: or whatever your primary drive is.
  • Click Make New Folder
  • Type in BFU
  • Click Next, and uncheck the Show Extracted Files box and then click Finish.
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you just made (c:\BFU).

Go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
_____________________

- Download ComboFix from here and save it to your Desktop.

- Double click combofix.exe & follow the prompts.

- When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
_____________________

Please post the following:

1) AVG-AS log (if possible)
2) ComboFix log
3) New HijackThis log
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London