Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help getting going

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help getting going

Unread postby toofy » June 7th, 2007, 12:27 am

I have registered and logged in. Tried to check about HijackThis having a file of its own but a search of my Pc does not find any such file. PcAdvisor insists I have a health check. Please note that I suffer from narcolepsy which means my brain rarely works at even 75% & that I may need to have a sleep at any time. Sorry! What should i have done to have an HJT.exe file? Thanks.
toofy
Regular Member
 
Posts: 46
Joined: June 3rd, 2007, 6:37 am
Advertisement
Register to Remove

Unread postby ndmmxiaomayi » June 7th, 2007, 6:28 am

Hi toofy. :)

Welcome to Malware Removal Forum.

My name is mayi and I will be helping you. As I am still an undergraduate, I will need my fixes checked before posting back to you. Thank you for your patience.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby ndmmxiaomayi » June 7th, 2007, 10:02 am

Hi toofy. :)

Use this link to get HijackThis.
Save it to your desktop and then double-click to run it. Click on Unzip.
It will install the program in C:\Program files\HijackThis.
Browse to that location with Windows Explorer, and double click on the HijackThis.exe program to run. Choose the Do a system scan and save a logfile.
That will save the log automatically to C:\Program Files\HijackThis, leaving Notepad open.

Now post your HijackThis log into this topic.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby toofy » June 11th, 2007, 8:59 am

Logfile of HijackThis v1.99.1
Scan saved at 09:41:26, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Derek Foot\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3982977781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
toofy
Regular Member
 
Posts: 46
Joined: June 3rd, 2007, 6:37 am

Unread postby ndmmxiaomayi » June 11th, 2007, 1:55 pm

Hi toofy. :)

Step 1

While having Microsoft Antispyware to protect your system is good, it can interfere with the fixes. I would need you to disable Windows Defender temporarily while fixing your computer. You can re-enable Microsoft Antispyware again once your computer is clean. Here is how to disable it:

  1. Right click on the Microsoft Antispyware icon in the system tray near the clock (it's the one with the red and yellow bullseye).
  2. Click on Security Agents Status.
  3. Click on Disable realtime protection.
  4. Right click on the Microsoft Anti-Spyware icon in the system tray again to open Microsoft Antispyware.
  5. Click on the Options menu and choose Settings.
  6. In the left pane column, click on Real Time Protection.
  7. Under Startup Options, uncheck (untick) Enable (MSAS) Security Agents on startup (recommended).
  8. Under Real time spyware threat protection, uncheck (untick) Enable real-time spyware threat protection" (recommended).
  9. Click the Save button and close Microsoft AntiSpyware.
  10. Finally, right-click on the Microsoft Antispyware icon in the system tray and select Shutdown Microsoft Antispyware.

Step 2

Open HijackThis (in C:\Program Files\HijackThis).

Select Do a system scan only.

Put a tick next to this item: O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file).

Click on the Fix checked button at the bottom left hand corner.

Step 3

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.1.36.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports, select Do not automatically generate reports and uncheck (untick) the Only if threats were found box.
  11. Under What to scan?, select Scan every file.
Do not run a scan yet. You will run a scan later.

Step 4

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and untick the Cookies box.
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All and untick the Firefox Cookies box.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All and untick the Opera Cookies box.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Step 5

  1. Go to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Restart in Normal Mode.

In your next reply, please post:

  1. A new HijackThis log
  2. AVG Antispyware log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby toofy » June 11th, 2007, 2:47 pm

Problem at Step 1: Micro Antispyware icon is not in the system tray near the clock. When I right click on the bullseye in My Programs I am unable to locate Security Agents status. A note appeared informing me that this version of M.Antispy expired 31st May 2005. Advice please.
toofy
Regular Member
 
Posts: 46
Joined: June 3rd, 2007, 6:37 am

Unread postby ndmmxiaomayi » June 11th, 2007, 3:12 pm

Problem at Step 1: Micro Antispyware icon is not in the system tray near the clock. When I right click on the bullseye in My Programs I am unable to locate Security Agents status. A note appeared informing me that this version of M.Antispy expired 31st May 2005. Advice please.


The reason why it expired is because MS Antispyware has been replaced with Windows Defender.

You can take a look here:

http://www.microsoft.com/athome/securit ... fault.mspx

Please uninstall this version of MS Antispyware.

Here are the instructions:

  1. Click on Start > Control Panel.
  2. Double click on Add/Remove Programs.
  3. Scroll down and locate Microsoft Antispyware Beta.
  4. Click on Change/Remove button to uninstall it.


Then continue from Step 2 onwards.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby toofy » June 11th, 2007, 4:23 pm

I have reached Step 5, item 4. I have paused the scan which has almost finished. So far it has recorede 83 infections. Of these 82 are cookies. Does this mean I failed to untick the Firefox cookies? I am not going to be able to finish this in one attempt due to health problems. Advice please.
toofy
Regular Member
 
Posts: 46
Joined: June 3rd, 2007, 6:37 am

Unread postby toofy » June 12th, 2007, 1:39 am

I have completed the scan and attempted to do a new HJT log. Even though I agree to the new log replacing the existing one, the logfile is dated 10th June and it is now June 12th. Please advise in simplistic terms the steps needed to produce a new HJT log. Thanks.
toofy
Regular Member
 
Posts: 46
Joined: June 3rd, 2007, 6:37 am

Unread postby ndmmxiaomayi » June 12th, 2007, 2:28 am

I have completed the scan and attempted to do a new HJT log. Even though I agree to the new log replacing the existing one, the logfile is dated 10th June and it is now June 12th. Please advise in simplistic terms the steps needed to produce a new HJT log. Thanks.


  1. Open HijackThis and choose Do a system scan and save a logfile.
  2. Once the scanning is done, a log will be produced and Notepad will open.
  3. Post this new HijackThis log together with the AVG Antispyware report.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby toofy » June 12th, 2007, 3:09 am

Hope you got the HJT log. AVG log is here
Logfile of HijackThis v1.99.1
Scan saved at 07:46:18, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Derek Foot\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3982977781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9343F863-11AC-4564-867C-354576F02FB5}: NameServer = 62.24.128.17 62.24.128.18
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:08:45 12/06/2007

+ Scan result:



C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll -> Dialer.BT.c : Cleaned.
:mozilla.84:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.153:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.57:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.58:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.30:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.23:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.228:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.180:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.161:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.170:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.92:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.93:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.94:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.95:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.24:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.120:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.193:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.194:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.195:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.196:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.201:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.231:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.240:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.276:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.277:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.283:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.143:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.145:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.146:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.253:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.172:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.173:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.86:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.192:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.203:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.35:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.36:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.37:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.105:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.106:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.109:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.110:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.111:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.112:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.61:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.64:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.65:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.206:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.207:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.244:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.245:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.40:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.284:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.26:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.28:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.27:C:\Documents and Settings\Derek Foot\Application Data\Mozilla\Firefox\Profiles\jeotnpaf.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end
toofy
Regular Member
 
Posts: 46
Joined: June 3rd, 2007, 6:37 am

Unread postby ndmmxiaomayi » June 12th, 2007, 4:43 am

Hi toofy, may I know which provider is providing you internet access currently?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby toofy » June 12th, 2007, 5:18 am

Talktalk.net
toofy
Regular Member
 
Posts: 46
Joined: June 3rd, 2007, 6:37 am

Unread postby ndmmxiaomayi » June 13th, 2007, 5:20 am

Please go to Kaspersky website and perform an online antivirus scan.
Please use Internet Explorer as it uses ActiveX.

  1. Click on Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  4. When the downloads have finished, click on Next button.
  5. Click on Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby toofy » June 13th, 2007, 7:29 am

KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 13, 2007 12:13:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/06/2007
Kaspersky Anti-Virus database records: 343090


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 43404
Number of viruses found 3
Number of infected objects 7 / 0
Number of suspicious objects 0
Duration of the scan process 00:33:39

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Derek Foot\.housecall6.6\Quarantine\MyFunCardsSetup2.2.60.11.exe.bac_a03036/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\Documents and Settings\Derek Foot\.housecall6.6\Quarantine\MyFunCardsSetup2.2.60.11.exe.bac_a03036 CAB: infected - 1 skipped

C:\Documents and Settings\Derek Foot\.housecall6.6\Quarantine\MyFunCardsSetup2.2.60.11.exe.bac_a03036 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Derek Foot\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped

C:\Documents and Settings\Derek Foot\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

C:\Documents and Settings\Derek Foot\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Derek Foot\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\Derek Foot\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped

C:\Documents and Settings\Derek Foot\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Derek Foot\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Derek Foot\Local Settings\Application Data\SupportSoft\talktalk\Derek Foot\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Derek Foot\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Derek Foot\Local Settings\Temp\~DF6AF1.tmp Object is locked skipped

C:\Documents and Settings\Derek Foot\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Derek Foot\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Derek Foot\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\750C18B3-7E92-455F-A0DC-BC4CF6\C5477221-B788-4315-B779-64509B Infected: not-a-virus:AdWare.Win32.Background skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000106.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000106.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000563.dll Infected: not-a-virus:Dialer.Win32.BT.c skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
toofy
Regular Member
 
Posts: 46
Joined: June 3rd, 2007, 6:37 am
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware