
HijackThis scan results, thanks for your help


Post by snowwhite8 » January 12th, 2007, 8:35 am

Logfile of HijackThis v1.99.1
Scan saved at 12:29:19, on 12/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Virgin.net Broadband\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\joan\My Documents\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.virgin.net/ie/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.Net Broadband
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbljaza.dll
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhdfrf.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsp20.dll
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin.net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4050635765
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D12A9BE-8BDB-49A4-970B-DC2C20629431}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
snowwhite8
Active Member
 
Posts: 9
Joined: January 12th, 2007, 8:17 am

Post by Trogan » January 12th, 2007, 8:39 pm

Hi snowwhite8 and welcome to Malware Removal! :)

I need to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file back here.

Thanks! :)
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Uninstall_list file

Post by snowwhite8 » January 13th, 2007, 2:35 pm

360Share Pro(remove only)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
Apple Software Update
ArcSoft PhotoStudio 5.5
Audio Converter All-in-one
AVG Free Edition
BT Voyager Modem AOL Test
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
CommAid
Companion wizard
Dell Driver Reset Tool
Dell Media Experience
Disc2Phone
Doom 3
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod Updater 2004-08-06
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Lexmark Z600 Series
LimeWire 4.12.6
Living Marine Aquarium 2 Screen Saver
Manual CanoScan LiDE 60
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB927978)
Network Play System (Patching)
OmniPage SE 2.0
Picasa 2
PowerDVD 5.3
QuickTime
RealPlayer Basic
RegCure 1.0.0.43
Search Enhancer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Smart Shopper
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sony Ericsson PC Suite 1.20.173
SpeedTouch USB Software
The Sims
UControl Scan and Remove
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
VisCalc
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
snowwhite8
Active Member
 
Posts: 9
Joined: January 12th, 2007, 8:17 am

Post by waterfalls » January 13th, 2007, 4:07 pm

Hi -

Please post a HijackThis log along with a brief explanation of the problem(s) you are experiencing.
waterfalls
MRU Emeritus
 
Posts: 70
Joined: December 23rd, 2005, 10:16 am

start up problem

Post by snowwhite8 » January 13th, 2007, 4:28 pm

On start up I get this msg - 'Internet explorer cannot display web page'. Web page being - http://iesettingsupdate/
snowwhite8
Active Member
 
Posts: 9
Joined: January 12th, 2007, 8:17 am

Post by Trogan » January 13th, 2007, 5:46 pm

Hi snowwhite8!

I've been informed that you have been starting new threads instead of replying to them. I understand this may be a mistake.

http://www.malwareremoval.com/forum/viewtopic.php?t=17230
http://www.malwareremoval.com/forum/viewtopic.php?t=17234

I have informed the Forum staff and the posts should be merged soon. Either myself or someone else should be along to help you then.

Thanks! :)
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by waterfalls » January 14th, 2007, 1:42 am

Hi -

• Go to Start > Control Panel > Add/Remove Programs
- Select Quick Links > click Remove
- Select Related Sites Toolbar > click Remove
- Select Communicator Toolbar > click Remove
- Exit.

• Reboot your computer.

• Start HijackThis, click System Scan Only and place a checkmark next to the following items:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbljaza.dll
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhdfrf.dll
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsp20.dll
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate


Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

• Navigate to and delete the following folders if present:
C:\WINDOWS\system32\SearchTool
C:\WINDOWS\system32\SmartShopper

• Navigate to and delete the following files if present:
C:\WINDOWS\system32\tcbljaza.dll
C:\WINDOWS\system32\vcbhdfrf.dll

• Reboot your computer.

• Download and scan with AVG Anti-Spyware v7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.

Once the updates are installed do the following:
1. Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions?" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

• Post back with the results of the AVG Anti-Spyware scan and a new HijackThis log.
waterfalls
MRU Emeritus
 
Posts: 70
Joined: December 23rd, 2005, 10:16 am
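
An added example, not part of the thread or of HijackThis itself: once the requested follow-up log arrives, a helper can check mechanically that every entry on the fix list is gone. The Python below parses HijackThis entry lines, tolerates a fix-list line cut short in copy/paste (as with the adstart entry above), and reports what was removed and what is still present. The BEFORE_LOG and FIX_LIST excerpts are taken from the posts in this thread; AFTER_LOG and all function names are constructed for illustration.

```python
import re

# Entry lines start with a section code such as "O2 - " or "R1 - ";
# the header and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Return the entry lines of a HijackThis log as a list of dicts."""
    entries = []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace damaged by copy/paste
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "key": (code, body.lower()),  # case-insensitive comparison key
        })
    return entries


def find_in(entry, pool):
    """Exact match first; otherwise a unique same-section entry that the
    fix-list line is a prefix of (a line cut short when it was pasted)."""
    for cand in pool:
        if cand["key"] == entry["key"]:
            return cand, "exact"
    prefixed = [c for c in pool
                if c["code"] == entry["code"]
                and c["key"][1].startswith(entry["key"][1])]
    if len(prefixed) == 1:
        return prefixed[0], "truncated"
    return None, "missing"


def audit_fix(fix_text, before_text, after_text):
    """Compare a helper's fix list with the logs taken before and after the fix."""
    before = parse_entries(before_text)
    after_keys = {e["key"] for e in parse_entries(after_text)}
    report = {"removed": [], "still_present": [],
              "not_in_original": [], "truncated": []}
    for item in parse_entries(fix_text):
        orig, how = find_in(item, before)
        if orig is None:
            report["not_in_original"].append(item["body"])
            continue
        if how == "truncated":
            report["truncated"].append(item["body"])
        bucket = "still_present" if orig["key"] in after_keys else "removed"
        report[bucket].append(orig["body"])
    return report


# Excerpt of the first log posted in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbljaza.dll
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhdfrf.dll
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
"""

# Excerpt of the fix list above; the last line is cut short exactly as posted.
FIX_LIST = r"""
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbljaza.dll
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhdfrf.dll
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate
"""

# Constructed follow-up log: one flagged BHO has survived the fix.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhdfrf.dll
"""

if __name__ == "__main__":
    for bucket, bodies in audit_fix(FIX_LIST, BEFORE_LOG, AFTER_LOG).items():
        print(bucket)
        for body in bodies:
            print("   ", body)
```

An entry under still_present means the fix did not hold and the item needs another look; an entry under truncated means the fix-list line should be re-read against the original log before anyone acts on it.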

AVG Anti-Spyware scan results

Post by snowwhite8 » January 17th, 2007, 5:29 pm

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:23:14 17/01/2007

+ Scan result:



C:\Program Files\360Share Pro\Gui\$300 FREE Casino Tropez.exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\Program Files\360Share Pro\Gui\$500 FREE Titan Poker.exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\Program Files\360Share Pro\Gui\$888 FREE Vegas Red.exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_103700.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_103700.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_104700.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_104700.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_106800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_219900.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_220300.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_407400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_407400.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_407700.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_407700.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_412100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_412100.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_412200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_0_412200.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_395300.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_410900.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_411000.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_411100.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_411700.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_411800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_411800.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_411900.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_411900.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_412000.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_412000.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_412100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_412100.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_412200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_412200.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_501600.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_501600.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_256700.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_284800.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_404800.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_407800.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_480200.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_482700.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_486000.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_513800.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_2_536400.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_3_256600.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_3_256600.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_3_264100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_3_264100.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_3_408200.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_3_408400.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_3_513800.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_4_312500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_4_312500.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-2120513778-90129798-554493957-1008\Software\RX Toolbar -> Adware.RXToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2120513778-90129798-554493957-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-2120513778-90129798-554493957-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-2120513778-90129798-554493957-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-2120513778-90129798-554493957-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-2120513778-90129798-554493957-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll -> Dialer.BT.c : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\joan\Cookies\joan@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@try.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\joan\Cookies\joan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
snowwhite8
Active Member
 
Posts: 9
Joined: January 12th, 2007, 8:17 am

most recent hyjack this scan results

Unread postby snowwhite8 » January 17th, 2007, 5:36 pm

Logfile of HijackThis v1.99.1
Scan saved at 21:34:45, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Virgin.net Broadband\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\joan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.virgin.net/ie/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.Net Broadband
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin.net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4050635765
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D12A9BE-8BDB-49A4-970B-DC2C20629431}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
snowwhite8
Active Member
 
Posts: 9
Joined: January 12th, 2007, 8:17 am

Unread postby waterfalls » January 18th, 2007, 8:18 am

Hi, -

• You have two undesirable programs installed.
The first one is 360Share Pro. This program used to be called eTomi and is considered a scam.
See, http://en.wikipedia.org/wiki/Etomi
The second one is UControl which is considered to be a rogue application.
See, http://www.spywarewarrior.com/rogue_ant ... m#products

To remove these programs, go to Start > Control Panel > Add/Remove Programs
- Select UControl > click Remove
- Select 360Share Pro > click Remove
- Exit.

Reboot your computer.

Navigate to and delete the following folders if present:
C:\Program Files\Common Files\ucontrol
C:\Documents and Settings\Application Data\<your username>\ucontrol
C:\Program Files\360Share Pro

• We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings
* Under Real-time protection options, unselect the Turn on real-time protection check box
* Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

• Start HijackThis, click System Scan Only and place a checkmark next to the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

Reboot your computer.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.


• Perform an online scan with Panda Online. Please use this scanner instead of any other scanner! You have to use Internet Explorer for this scan.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component, allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the "See Report" button, then "Save Report" and save it to a convenient location.

• Post back with the results of the Panda scan and a new HijackThis log.
waterfalls
MRU Emeritus
 
Posts: 70
Joined: December 23rd, 2005, 10:16 am

Panda Scan and new HijackThis scan

Unread postby snowwhite8 » January 23rd, 2007, 2:03 pm

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\joan\Cookies\joan@doubleclick[1].txt
Adware:Adware/Beginto Not disinfected C:\Documents and Settings\joan\Desktop\backups\backup-20070117-184633-745.dll
Adware:Adware/Beginto Not disinfected C:\Documents and Settings\joan\Desktop\backups\backup-20070117-184633-815.dll
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\10-47488c40c3cddfee98fc3b173f6d7beb.exe
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe
Adware:Adware/Beginto Not disinfected C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
Adware:Adware/AdRotator Not disinfected C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe
Adware:Adware/AdRotator Not disinfected C:\WINDOWS\SYSTEM32\brrot-uninst.exe

Logfile of HijackThis v1.99.1
Scan saved at 17:55:26, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Virgin.net Broadband\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Documents and Settings\joan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.virgin.net/ie/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.Net Broadband
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin.net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4050635765
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D12A9BE-8BDB-49A4-970B-DC2C20629431}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
snowwhite8
Active Member
 
Posts: 9
Joined: January 12th, 2007, 8:17 am
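
As an added example (not part of the original thread), the Python below checks a follow-up HijackThis log against the entries the helper asked to be fixed, and lists what else changed between the two scans. The log excerpts are shortened copies of the 17 and 23 January logs posted above; the function names and the result keys are this example's own.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Markers HijackThis prints when the file an entry points to is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Shortened excerpt of the 17/01/2007 log from this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
"""

# Shortened excerpt of the 23/01/2007 follow-up log from this thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
"""

# The three entries the helper asked to be checked before 'Fix Checked'.
FIXED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/",
    r"R3 - URLSearchHook: ScriptInocUI Class - - (no file)",
    r"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
]


def parse_entries(log_text):
    """Return the (code, body) entries of a HijackThis log, in log order."""
    entries = []
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace altered by copy/paste
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two logs and report whether the requested fixes took effect."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    requested = parse_entries("\n".join(fixed_lines))
    before_set, after_set = set(before), set(after)
    return {
        # Requested lines that never appeared in the first log (typo in the request).
        "not_in_before": [e for e in requested if e not in before_set],
        # Requested lines that survived the fix and need another look.
        "still_present": [e for e in requested if e in after_set],
        # Entries that disappeared without being on the fix list.
        "removed_unrequested": [
            e for e in before if e not in after_set and e not in requested
        ],
        # Entries that are new in the follow-up log.
        "new_entries": [e for e in after if e not in before_set],
        # Dangling references that remain after the fix.
        "orphaned_after": orphaned(after),
    }


if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FIXED).items():
        print(f"{key}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

Entries are compared as whole lines after whitespace normalisation, so an entry whose path or URL changed between scans shows up once as removed and once as new.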

Unread postby waterfalls » January 23rd, 2007, 4:22 pm

• I see no software Firewall program present on your system. This will greatly help in preventing your system from being infected by malware. You need to install a Firewall program.
Kerio 4.2.2-911 is a good FREE software Firewall program.
See, Understanding and Using Firewalls

• Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


• Run the Panda scan again.

• Post back with the results of the Superantispyware scan, the results of the Panda scan and a new HijackThis log.
waterfalls
MRU Emeritus
 
Posts: 70
Joined: December 23rd, 2005, 10:16 am

Superantispyware log

Unread postby snowwhite8 » January 26th, 2007, 6:07 am

SUPERAntiSpyware Scan Log
Generated 01/26/2007 at 10:03 AM

Application Version : 3.5.1016

Core Rules Database Version : 3173
Trace Rules Database Version: 1183

Scan type : Complete Scan
Total Scan Time : 00:30:06

Memory items scanned : 442
Memory threats detected : 0
Registry items scanned : 5098
Registry threats detected : 22
File items scanned : 38052
File threats detected : 67

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\SLIMFHHC.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\timerp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\timerp.exe#Path
C:\WINDOWS\Prefetch\SLIMFHHC.EXE-00BFCE56.pf

Adware.Tracking Cookie
C:\Documents and Settings\joan\Cookies\joan@bs.serving-sys[1].txt
C:\Documents and Settings\joan\Cookies\joan@imrworldwide[2].txt
C:\Documents and Settings\joan\Cookies\joan@mediaplex[1].txt
C:\Documents and Settings\joan\Cookies\joan@ad.uk.tangozebra[1].txt
C:\Documents and Settings\joan\Cookies\joan@adrevenue[2].txt
C:\Documents and Settings\joan\Cookies\joan@atdmt[2].txt
C:\Documents and Settings\joan\Cookies\joan@ad.uk.tangozebra[2].txt
C:\Documents and Settings\joan\Cookies\joan@kanoodle[1].txt
C:\Documents and Settings\joan\Cookies\joan@serving-sys[2].txt
C:\Documents and Settings\joan\Cookies\joan@summitmedia.co[2].txt
C:\Documents and Settings\joan\Cookies\joan@doubleclick[1].txt
C:\Documents and Settings\joan\Cookies\joan@media.fastclick[1].txt
C:\Documents and Settings\joan\Cookies\joan@247realmedia[1].txt
C:\Documents and Settings\joan\Cookies\joan@fastclick[2].txt
C:\Documents and Settings\joan\Cookies\joan@advertising[1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
C:\WINDOWS\system32\stera.job

Trojan.WinFixer 2006
HKCR\FxCore.MMFixCore.1

Adware.MyWay
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#Build
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar\partner
HKLM\Software\MyWay\myBar\partner#name
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\History
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay

Malware.SystemDoctor
C:\Documents and Settings\joan\Application Data\SystemDoctor 2006 Free\Logs\update.log
C:\Documents and Settings\joan\Application Data\SystemDoctor 2006 Free\Logs
C:\Documents and Settings\joan\Application Data\SystemDoctor 2006 Free

Malware.SpywareBot
HKU\S-1-5-21-2120513778-90129798-554493957-1008\Software\SpywareBot
C:\Program Files\SpywareBot\DataBaseNew.ref
C:\Program Files\SpywareBot\HOSTS Backups
C:\Program Files\SpywareBot\Log\log_2007_01_12_10_32_46.log
C:\Program Files\SpywareBot\Log\log_2007_01_12_10_32_48.log
C:\Program Files\SpywareBot\Log\log_2007_01_12_10_35_45.log
C:\Program Files\SpywareBot\Log\log_2007_01_12_10_35_46.log
C:\Program Files\SpywareBot\Log
C:\Program Files\SpywareBot\Quarantine
C:\Program Files\SpywareBot\Registry Backups
C:\Program Files\SpywareBot\Settings\CustomScan.stg
C:\Program Files\SpywareBot\Settings\IgnoreList.stg
C:\Program Files\SpywareBot\Settings\ScanInfo.stg
C:\Program Files\SpywareBot\Settings\ScanResults.stg
C:\Program Files\SpywareBot\Settings\SelectedFolders.stg
C:\Program Files\SpywareBot\Settings\Settings.stg
C:\Program Files\SpywareBot\Settings
C:\Program Files\SpywareBot
C:\DOCUMENTS AND SETTINGS\JOAN\MY DOCUMENTS\MY PICTURES\SETUP.EXE

Trojan.SearchTool
C:\DOCUMENTS AND SETTINGS\JOAN\DESKTOP\BACKUPS\BACKUP-20070117-184633-745.DLL
C:\DOCUMENTS AND SETTINGS\JOAN\DESKTOP\BACKUPS\BACKUP-20070117-184633-815.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0074157.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP191\A0074158.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0089740.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0089741.DLL

Trojan.Downloader-VisCalc
C:\DOCUMENTS AND SETTINGS\JOAN\DESKTOP\BACKUPS\BACKUP-20070117-184633-892.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0089739.DLL

Adware.BusMaster/SafeSurfing
C:\DOCUMENTS AND SETTINGS\JOAN\DESKTOP\BACKUPS\BACKUP-20070117-184633-945.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0089738.DLL

Trojan.ErrorSafe
C:\DOCUMENTS AND SETTINGS\JOAN\LOCAL SETTINGS\TEMP\NI.UERS_9999_N91S2507\SETUP.EXE
C:\PROGRAM FILES\REGCURE\BACKUP\REGCUREBAK_JANUARY_07_07_00_28_11\CONTACT CUSTOMER SUPPORT.LNK
C:\PROGRAM FILES\REGCURE\BACKUP\REGCUREBAK_JANUARY_07_07_00_28_11\ERROR SAFE.LNK
C:\PROGRAM FILES\REGCURE\BACKUP\REGCUREBAK_JANUARY_07_07_00_28_11\ERRORSAFE ON THE WEB.LNK
C:\PROGRAM FILES\REGCURE\BACKUP\REGCUREBAK_JANUARY_07_07_00_28_11\UNINSTALL ERRORSAFE.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP252\A0088437.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP252\A0088456.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP252\A0088457.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP252\A0088458.LNK

Adware.AdRotate/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP244\A0084159.DLL

Adware.eZula/BannerRotator
C:\WINDOWS\SYSTEM32\BRROT-UNINST.EXE

Adware.RX Toolbar
C:\WINDOWS\TEMP\ADWARE\RXTOOLBAR.EXE

Post by waterfalls » January 26th, 2007, 12:22 pm

Please post the results of the Panda scan and a new HijackThis log.

Panda Scan and new HijackThis scan

Post by snowwhite8 » January 26th, 2007, 1:49 pm

Logfile of HijackThis v1.99.1
Scan saved at 17:45:48, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Virgin.net Broadband\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Documents and Settings\joan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.virgin.net/ie/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.Net Broadband
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin.net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4050635765
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D12A9BE-8BDB-49A4-970B-DC2C20629431}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Incident Status Location

Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\joan\Cookies\joan@adtech[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\joan\Cookies\joan@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\joan\Cookies\joan@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\joan\Cookies\joan@doubleclick[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\joan\Cookies\joan@statse.webtrendslive[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\joan\Cookies\joan@tribalfusion[1].txt
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\10-47488c40c3cddfee98fc3b173f6d7beb.exe
Adware:Adware/Searchtool Not disinfected C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe
Adware:Adware/Beginto Not disinfected C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
Adware:Adware/AdRotator Not disinfected C:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe