Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Winantivirus 2006 pop-ups

Started by underzim7 , Aug 18 2006 05:24 PM

  • Please log in to reply

#16
underzim7
Posted 20 August 2006 - 08:51 PM

underzim7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Abexo Free Registry Cleaner
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Audacity 1.2.4
AVG Free Edition
BitComet 0.62
Broadcom Management Programs
Command & Conquer The First Decade
Dell Driver Reset Tool
Dell Support 3.1
Dell Wireless WLAN Card
Digital Line Detect
DivX Converter
DivX Player
DivX Web Player
Google Video Player
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB896344)
Intel® Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 8
K-Lite Mega Codec Pack 1.53
Last.fm Player 1.1.4
LimeWire 4.12.3
Macromedia Flash Player 8
Macromedia Shockwave Player
MCU
MediaMonkey 2.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Mozilla Firefox (1.5.0.6)
Musicmatch for Windows Media Player
MyWay Search Assistant
oggcodecs 0.71.0946
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
QuickSet
QuickTime
Retrospect 6.5
Rogers Self Healing (remove only)
Rogers Update Manager (remove only)
Rogers Yahoo! Applications
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SonicStage 3.4
Synaptics Pointing Device Driver
Trend Micro Anti-Spyware
TrojanHunter 4.5
TweakNow RegCleaner Standard
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Winamp (remove only)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
ZoneAlarm


There you go
  • 0

Advertisements

#17
rambro
Posted 21 August 2006 - 07:50 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear underzim7, :whistling:

I was looking at your "Add/Remove Software list" log from your previous post.

The following are optional uninstalls

Note - as with all P2P sharing programs they are susceptible to various forms of malware". That is, a Peer to Peer (P2P) file-sharing client program can be used as a vehicle for downloading spyware on to your computer system.

Uninstall the following program/programs through Add/Remove programs (if they exist):

BitComet 0.62
LimeWire 4.12.3

See the following link as a reference: http://p2p.malwarere....com/index.html - You decide.

If you uninstalled LimeWire you need to remove the next folder also (marked in blue):

C:\Program Files\LimeWire
******************************

You have MyWay Search Assistant on your computer system, which comes installed with some Dell computers. I would optionally recommend removal, and using a safer search bar like the Google Toolbar available at http://toolbar.google.com.

Uninstall the following program/programs through Add/Remove programs:

MyWay Search Assistant

If you uninstalled MyWay Search Bar you need to remove the next folder/folders also:

C:\Program Files\MyWaySA
*****************************************

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546. I suggest you remove the program now.

Uninstall the following program/programs through Add/Remove programs (if they exist):

Viewpoint Manager and/or Viewpoint Media Player

Use the following link as a reference: http://ask-leo.com/viewmgrexe.html

If you uninstalled Viewpoint Manager you need to remove the next folder also:

C:\Program Files\Viewpoint
******************************

The QuickTime Player is a legitimate program, but may interfere with your Real time player, WinAmp player and Windows media player. I suggest you uninstall the following program:

QuickTime

rambro :blink:
  • 0

#18
rambro
Posted 21 August 2006 - 07:53 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear underzim7, :whistling:

Please download SilentRunners from here: http://www.silentrun...ent Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.

rambro :blink:
  • 0

#19
underzim7
Posted 21 August 2006 - 10:56 AM

underzim7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SHS" = ""C:\Program Files\Rogers\SelfHealing\SHS.exe" /background" ["Rogers Cable"]
"Update Manager" = ""C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background" ["Rogers Cable Communications Inc. "]
"Yahoo! Pager" = ""C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet" ["Yahoo! Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
"SsAAD.exe" = "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [null data]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"THGuard" = ""C:\Program Files\TrojanHunter 4.5\THGuard.exe"" ["Mischel Internet Security"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "UberButton Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\common\yiesrvc.dll" ["Yahoo!"]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "YahooTaggedBM Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\common\YIeTagBm.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SidebarAutoLaunch Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\common\ymmapi.dll" ["Yahoo! Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-Spyware Shell Extension"
-> {HKLM...CLSID} = "Trend Micro Anti-Spyware Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Tmas\sshook.dll" ["Trend Micro Incorporated"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.5\contmenu.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-Spyware Shell Extension"
-> {HKLM...CLSID} = "Trend Micro Anti-Spyware Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Tmas\sshook.dll" ["Trend Micro Incorporated"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.5\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.5\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.5\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ian Davidson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmypics.scr" [MS]


Startup items in "Ian Davidson" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"Trend Micro Anti-Spyware" -> shortcut to: "C:\Program Files\Trend Micro\Tmas\Tmas.exe -autostart" ["Trend Micro Incorporated"]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing LP"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_08"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_08"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll" ["Sun Microsystems, Inc."]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Rogers Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {HKLM...CLSID} = "UberButton Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\common\yiesrvc.dll" ["Yahoo!"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Dell Wireless WLAN Tray Service, wltrysvc, "C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe" [null data]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Messenger Sharing USN Journal Reader service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]
Retrospect Launcher, RetroLauncher, "C:\Program Files\Dantz\Retrospect\retrorun.exe" ["Dantz Development Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMI Performance Adapter, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 38 seconds, including 18 seconds for message boxes)



I removed everything you said except for BitComet and QuickTime, I use both often :whistling:
  • 0

#20
rambro
Posted 21 August 2006 - 11:53 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear underzim7, :whistling:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
Restart your computer and then post a new HijackThis log, along with the results of the ewido report scan.

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:
  • 0

#21
underzim7
Posted 21 August 2006 - 07:35 PM

underzim7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:28:23 PM 8/21/2006

+ Scan result:



C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : No action taken.
C:\VundoFix Backups\ewiyerqp.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : No action taken.
C:\VundoFix Backups\kujnmkoo.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : No action taken.
C:\VundoFix Backups\weaohtvt.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
:mozilla.319:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.263:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.339:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.56:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.57:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.58:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.59:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.60:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ian Davidson\Cookies\ian [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.91:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.92:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.93:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Ian Davidson\Cookies\ian davidson@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.355:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.356:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.357:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.264:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.267:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Ian Davidson\Cookies\ian [email protected][2].txt -> TrackingCookie.Adtrak : No action taken.
:mozilla.100:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.101:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.102:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.98:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.99:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.76:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Ian Davidson\Cookies\ian davidson@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.235:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.131:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.113:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.114:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.115:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.120:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.121:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.122:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.123:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.124:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.125:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.400:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.231:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Ian Davidson\Cookies\ian [email protected][2].txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.247:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.26:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.134:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.135:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.136:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.137:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.138:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.139:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.140:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.152:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.159:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.160:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.161:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.162:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.163:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.164:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.165:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.166:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.167:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.168:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.169:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.180:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.182:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.189:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.190:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.191:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.192:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.193:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.194:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.195:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.37:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.38:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.48:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.66:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Ian Davidson\Cookies\ian [email protected][1].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.117:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.118:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.119:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.127:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.128:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.170:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.174:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.175:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.209:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.210:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.340:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.344:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.39:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.43:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Ian Davidson\Cookies\ian davidson@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.82:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.83:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.84:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.85:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.41:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.42:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.86:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.87:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.88:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.248:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.249:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.250:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.251:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.279:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.236:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.237:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.238:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.239:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.240:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.184:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.186:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.188:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.205:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.206:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.207:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.208:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.132:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.133:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.112:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.116:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.301:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.302:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.255:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.256:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.257:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.258:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.259:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.260:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.126:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.156:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.146:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.147:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.148:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.149:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.150:C:\Documents and Settings\Ian Davidson\Application Data\Mozilla\Firefox\Profiles\9oftvqq8.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end





Logfile of HijackThis v1.99.1
Scan saved at 10:33:16 PM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Things seem to be running fine
  • 0

#22
rambro
Posted 21 August 2006 - 07:49 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear underzim7, :whistling:

Can you do me a favor and read through my last post "carefully" again and re-run that post for me again. Thank you for cooperation. :blink:

rambro :help:
  • 0

#23
underzim7
Posted 21 August 2006 - 07:52 PM

underzim7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
are you sure? I read over the post carefully again and am positive that I carried out each specified step....what exactly is wrong with my computer? :whistling:

Edited by underzim7, 21 August 2006 - 07:52 PM.

  • 0

#24
rambro
Posted 21 August 2006 - 08:10 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear underzim7, :whistling:

Here you go:

[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
[*]Under "Reports"[list]
[*]Select "Automatically generate report after every scan"
[*]Un-Select "Only if threats were found"


and

[*]Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
[*]ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
[*]If you have any infections you will prompted, then select "Apply all actions"


In other words, I want you to "fix" anything the ewido scan finds and send it to "quarintine". You ran the ewido scan, but you did not fix what it found. :blink:

rambro :help:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP