Very slow computer, Winantivirus and 100% CPU usage


  • This topic is locked

#1
siaus22

  • Member
  • 295 posts
OK, so recently I had been getting pop-ups for Winantivirus.com, which were infuriating, and I used Prevx to stop them. However, it doesn't seem to have helped my computer work properly. My CPU is constantly at 100%. Have AVAST AV running and that hasn't found anything, along with Adaware and Spybot.

Anyway help really will be appreciated and below is my hijack this log.
Logfile of HijackThis v1.99.1
Scan saved at 18:02:04, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Downloads\hijackthis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.game....net/midasa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141802299015
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab38514.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B01EE5-1E42-4177-B7AD-F0A64A446B6B}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

many many thanks


#2
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
Hi siaus22, and welcome to Geeks to Go.

I'm currently analyzing your log, and will post instructions to start with the clean-up soon.

#3
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
-----------------------1

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll (file missing)


Now close all windows and browsers other than HiJackThis, then click Fix Checked.
Close HijackThis.

-----------------------2

Now please follow these instructions:

Generate uninstall list
  • Reopen HijackThis
  • Click on Config
  • Go to Misc Tools
  • Click the Open Uninstall Manager button
  • Click on Save list... and save it on Desktop

-----------------------3

Generate startup list
  • Go to Misc Tools
  • Check the List also minor sections (full) checkbox and the List Empty Sections(Complete) checkbox.
  • Click the Generate StartupList log button
  • Copy all the text and post it here along with the Uninstall list and a fresh HJT log.
  • Close HijackThis.

Edited by Antartic-Boy, 30 October 2006 - 02:15 PM.


#4
siaus22

  • Topic Starter
  • Member
  • 295 posts
OK, when I go to save the list for the uninstall manager it just closes HijackThis. But below are the startup details.


StartupList report, 30/10/2006, 20:42:05
StartupList version: 1.52.2
Started from : C:\Downloads\hijackthis(2)\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\hijackthis(2)\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Simon Austen\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
Logitech Utility = Logi_MwX.Exe
mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
RTBatteryMeter = C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
NvMediaCenter = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
nwiz = nwiz.exe /install
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
TXP = c:\program files\topthemesxp\txp.exe
PrevxOne = "C:\Program Files\Prevx1\PXConsole.exe"
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Sonic RecordNow! =
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
LDM = \Program\
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

A5F4FF2091B779A8.job
AppleSoftwareUpdate.job
E535FD76969E8062.job
FRU Task #Hewlett-Packard#hp psc 1200 series#1094557063.job
MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[StagingUI Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
CODEBASE = http://zone.msn.com/...UI.cab34120.cab

[GameControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Midasa.dll
CODEBASE = http://uk.midas.game....net/midasa.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....204&clcid=0x409

[CoGSManager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GSManager.dll
CODEBASE = http://gamingzone.ub...s/GSManager.cab

[ZoneBuddy Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
CODEBASE = http://zone.msn.com/...dy.cab32846.cab

[{4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF}]
CODEBASE = http://zone.msn.com/...pcaploader1.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.co...ad/MsnPUpld.cab

[ZonePAChat Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
CODEBASE = http://zone.msn.com/...at.cab32846.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1141802299015

[Java Plug-in 1.5.0_08]
InProcServer32 = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[YahooYMailTo Class]
InProcServer32 = C:\Program Files\Yahoo!\common\ymmapi.dll
CODEBASE = http://download.yaho...mail/ymmapi.dll

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://zone.msn.com/...ro.cab34246.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_08]
InProcServer32 = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_08]
InProcServer32 = C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[StadiumProxy Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll
CODEBASE = http://zone.msn.com/...xy.cab35645.cab

[{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
CODEBASE = http://zone.msn.com/...aploader_v6.cab

[CheckersZPA Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CheckersZPA.ocx
CODEBASE = http://zone.msn.com/...PA.cab38514.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: System32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
adpu160m: System32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: System32\DRIVERS\agpCPQ.sys (system)
Aha154x: System32\DRIVERS\aha154x.sys (system)
aic78u2: System32\DRIVERS\aic78u2.sys (system)
aic78xx: System32\DRIVERS\aic78xx.sys (system)
SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start)
SpeedTouch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: System32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: System32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: System32\DRIVERS\amdagp.sys (system)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
amsint: System32\DRIVERS\amsint.sys (system)
AOL Connectivity Service: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: System32\DRIVERS\asc.sys (system)
asc3350p: System32\DRIVERS\asc3350p.sys (system)
asc3550: System32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
cbidf: System32\DRIVERS\cbidf2k.sys (system)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Proxy Service: "C:\Program Files\Norton Internet Security\ccPxySvc.exe" (autostart)
cd20xrnt: System32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
CmdIde: System32\DRIVERS\cmdide.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: System32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: System32\DRIVERS\dac2w2k.sys (system)
dac960nt: System32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
DP1112: \??\C:\WINDOWS\system32\Drivers\DP.sys (autostart)
dpti2o: System32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\DRIVERS\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start)
EagleNT: \??\C:\WINDOWS\system32\drivers\EagleNT.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
gsplittm: \??\C:\DOCUME~1\SIMONA~1\LOCALS~1\Temp\gsplittm.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hpn: System32\DRIVERS\hpn.sys (system)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: System32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: System32\DRIVERS\ini910u.sys (system)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
iTouch Keyboard Filter: system32\DRIVERS\itchfltr.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: system32\DRIVERS\L8042pr2.Sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: system32\DRIVERS\LMouFlt2.Sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
mraid35x: System32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
Mtlmnt5: System32\DRIVERS\Mtlmnt5.sys (manual start)
Mtlstrm: System32\DRIVERS\Mtlstrm.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Internet Security Accounts Manager: "C:\Program Files\Norton Internet Security\NISUM.EXE" (autostart)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NtMtlFax: System32\DRIVERS\NtMtlFax.sys (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
perc2: System32\DRIVERS\perc2.sys (system)
perc2hib: System32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prevx Agent: "C:\Program Files\Prevx1\PXAgent.exe" -f (autostart)
PREVX Kernel Mode Agent: system32\drivers\pxfsf.sys (system)
PREVX Emulator Driver: system32\drivers\pxemu.sys (manual start)
PREVX Tdi filter: system32\drivers\pxtdi.sys (system)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
PREVX Rootkitscan driver: \??\C:\WINDOWS\system32\drivers\pxrd.sys (manual start)
ql1080: System32\DRIVERS\ql1080.sys (system)
Ql10wnt: System32\DRIVERS\ql10wnt.sys (system)
ql12160: System32\DRIVERS\ql12160.sys (system)
ql1240: System32\DRIVERS\ql1240.sys (system)
ql1280: System32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
recagent: \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
SONICblue Rio generic driver XP+: System32\Drivers\RIOXDRV.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver: System32\DRIVERS\R8139n51.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)
StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)
StarForce Protection VFS Driver (version 2.x): System32\drivers\sfvfs02.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: System32\DRIVERS\sisgrp.sys (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
SiSkp: System32\DRIVERS\srvkp.sys (system)
SmartLink AMR_PCI Driver: System32\DRIVERS\slntamr.sys (manual start)
SlNtHal: System32\DRIVERS\Slnthal.sys (manual start)
SmartLinkService: slserv.exe (autostart)
SlWdmSup: System32\DRIVERS\SlWdmSup.sys (manual start)
Symantec Network Drivers Service: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (manual start)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Sparrow: System32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
SAMSUNG Mobile USB Device 1.0 driver (WDM): system32\DRIVERS\ss_bus.sys (manual start)
SAMSUNG Mobile USB Modem 1.0 Filter: system32\DRIVERS\ss_mdfl.sys (manual start)
SAMSUNG Mobile USB Modem 1.0 Drivers: system32\DRIVERS\ss_mdm.sys (manual start)
SigmaTel 3D Environmental Audio: system32\drivers\stac97na.sys (manual start)
STAC97NH: system32\drivers\stac97nh.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
StyleXPHelper: \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (system)
StyleXPService: "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{6B1C53D3-3752-41EB-8F0A-7DB80BFD7AA4} (manual start)
symc810: System32\DRIVERS\symc810.sys (system)
symc8xx: System32\DRIVERS\symc8xx.sys (system)
SYMDNS: \??\C:\WINDOWS\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \??\C:\WINDOWS\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \??\C:\WINDOWS\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS (manual start)
SYMNDIS: \??\C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (system)
sym_hi: System32\DRIVERS\sym_hi.sys (system)
sym_u3: System32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: System32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: System32\DRIVERS\ultra.sys (system)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
Motorola USB Modem Driver: system32\DRIVERS\usbser.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Defender Service: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
YPCService: C:\WINDOWS\system32\YPCSER~1.EXE (disabled)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

0aMCPClient: *Registry key not found*
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 44,171 bytes
Report generated in 0.328 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only





If need be I can copy out all the programs in the uninstall list.

#5
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#6
siaus22

    Member

  • Topic Starter
  • Member
  • 295 posts
Results from Active scan


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\lkebvbft.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\repair\dobcrdv.dll
Adware:adware/cws Not disinfected C:\Documents and Settings\Simon Austen\Favorites\Fun & Games
Hacktool:rootkit/zaqt.a Not disinfected hkey_local_machine\system\currentcontrolset\services\DP1112
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/RealTracker Not disinfected C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt[web2.realtracker.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Simon Austen\Cookies\simon [email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Simon Austen\Cookies\simon [email protected][3].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Simon Austen\Cookies\simon [email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Simon Austen\Cookies\[email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Simon Austen\Cookies\[email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Simon Austen\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Simon Austen\Cookies\[email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Simon Austen\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\Cookies\simon [email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\Cookies\simon [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\Cookies\simon [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\Cookies\simon [email protected][2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\Cookies\simon [email protected][1].txt
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\cwifmxsr.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\ehtxbylw.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\mhhnmmlx.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\nwprjsoq.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\srxfsdht.dll
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Simon Austen\My Documents\Amber's\TheGameOfLife-dm.exe
Adware:Adware/IPInsight Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq181.tmp
Spyware:Cookie/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq189.tmp
Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B.tmp
Spyware:Cookie/Adtech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25E.tmp
Spyware:Cookie/Adviva Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq260.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq261.tmp
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq262.tmp
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq263.tmp
Spyware:Cookie/Bfast Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq264.tmp
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq266.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq267.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq268.tmp
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq269.tmp
Spyware:Cookie/Cd Freaks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26A.tmp
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26B.tmp
Spyware:Cookie/Cgi-bin Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26D.tmp
Spyware:Cookie/Cgi-bin Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26F.tmp
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq272.tmp
Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq273.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq275.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq276.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq278.tmp
Spyware:Cookie/Euniverseads Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq279.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27C.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27D.tmp
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27E.tmp
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27F.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq280.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq281.tmp
Spyware:Cookie/HotLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq285.tmp
Spyware:Cookie/Internetfuel Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq287.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq289.tmp
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28A.tmp
Spyware:Cookie/PayCounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28D.tmp
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq290.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq291.tmp
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq292.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq293.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq294.tmp
Spyware:Cookie/SexList Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq295.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq296.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq297.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq298.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29A.tmp
Spyware:Cookie/Slotch Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29B.tmp
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29C.tmp
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29D.tmp
Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29E.tmp
Spyware:Cookie/SaveNow Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29F.tmp
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A0.tmp
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A2.tmp
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A3.tmp
Spyware:Cookie/XXXtoolbar Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A5.tmp
Spyware:Cookie/Adserver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A6.tmp
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A7.tmp
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\jwgeufed.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\srgoieqt.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\xwqhgkkd.dll
  • 0

#7
siaus22

    Member

  • Topic Starter
  • 295 posts
Hope this is the right info. Thanks for the help
  • 0

#8
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
-----------------------1

First download & run this tool..

-----------------------2

Now please save these instructions in notepad for use in Safe Mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Copy everything inside the quote box below (starting with REGEDIT4) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as deletekey.reg on your Desktop.

REGEDIT4
[-hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}]
[-hkey_local_machine\system\currentcontrolset\services\DP1112]


Locate deletekey.reg on your Desktop and double-click on it -> Click Yes -> Click OK..

-----------------------3

While in safe mode do the following:

Go to Start -> Run -> type: C:\Documents and Settings\Simon Austen\Local Settings\Temp\ -> Ok -> click on Edit -> Select All -> click on File -> Delete -> click Yes.

Go to Start -> Run -> type: C:\Documents and Settings\Simon Austen\Cookies\ -> Ok -> click on Edit -> Select All -> click on File -> Delete -> click Yes.

Restart your computer in normal mode and proceed with the instructions below..

-----------------------4

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Simon Austen\My Documents\Amber's\TheGameOfLife-dm.exe
    C:\WINDOWS\system32\jwgeufed.dll
    C:\WINDOWS\system32\srgoieqt.dll
    C:\WINDOWS\system32\xwqhgkkd.dll
    C:\WINDOWS\system32\lkebvbft.dll
    C:\WINDOWS\repair\dobcrdv.dll
    C:\Documents and Settings\Christine Austen\Application Data\Mozilla\Firefox\Profiles\x9x53isy.default\cookies.txt



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

-----------------------5

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware; it is a free version of the program.
  • Install ewido anti-malware
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

-----------------------6

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

-----------------------7

Post me a fresh Hjt Log along with the Ewido Log..
  • 0
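One way to sort scan-log lines like those in the report above into the groups that the removal steps in this post act on, as an added example that is not part of the original thread. The function and bucket names are hypothetical, the bucket rules are assumptions modelled on steps 3, 4 and 6 rather than the helper's stated method, and the sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shape as it appears in the log posted in this thread:
#   <category>:<detection> Not disinfected <path>[<item inside a container file>]
# Only the "Not disinfected" status occurs on the page, so only that is matched.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<detection>.+?) Not disinfected "
    r"(?P<path>[A-Za-z]:\\.*?)(?:\[(?P<inner>[^\[\]]*)\])?$"
)

# Assumption: folders that step 3 empties wholesale, so single files in them
# do not need to be listed individually.
BULK_FOLDERS = ("\\local settings\\temp\\", "\\cookies\\")


@dataclass(frozen=True)
class Finding:
    category: str
    detection: str
    path: str
    inner: Optional[str]  # item reported inside a container file, if any


def parse_line(line: str) -> Optional[Finding]:
    """Parse one report line; return None if it does not fit the shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(m["category"], m["detection"], m["path"], m["inner"])


def bucket_for(f: Finding) -> str:
    """Assumed triage rules, checked in order of decreasing certainty."""
    path = f.path.lower()
    if f.detection.startswith("Cookie/"):
        return "cookie"        # tracking cookie: cleared with the browser data
    if "\\quarantine\\" in path:
        return "quarantined"   # already isolated by another tool
    if f.inner is not None:
        return "container"     # hit inside an archive: review, do not delete blindly
    if any(marker in path for marker in BULK_FOLDERS):
        return "bulk_folder"   # removed when the folder is emptied
    return "delete_list"       # standalone file: candidate for targeted removal


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group unique file paths by bucket, preserving first-seen order."""
    names = ("cookie", "quarantined", "container", "bulk_folder",
             "delete_list", "unparsed")
    buckets: Dict[str, List[str]] = {name: [] for name in names}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        finding = parse_line(raw)
        if finding is None:
            buckets["unparsed"].append(raw.strip())
            continue
        paths = buckets[bucket_for(finding)]
        if finding.path not in paths:  # the same file is often reported repeatedly
            paths.append(finding.path)
    return buckets


# Sample input: lines copied from the report posted earlier in this thread.
SAMPLE_LOG = r"""
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt[c5.zedo.com/]
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\Documents and Settings\Simon Austen\Local Settings\Temp\cwifmxsr.dll
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Simon Austen\My Documents\Amber's\TheGameOfLife-dm.exe
Adware:Adware/IPInsight Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq181.tmp
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq262.tmp
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\jwgeufed.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\srgoieqt.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\xwqhgkkd.dll
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(f"{bucket}:")
        for p in paths:
            print(f"    {p}")
```

On these sample lines the `delete_list` bucket holds the same four standalone files that head the Killbox list in step 4; the remaining entries on that list come from parts of the report not sampled here.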

#9
siaus22

    Member

  • Topic Starter
  • 295 posts
Just updating ewido... however a couple of questions....

1. When I was deleting the temp files it asked about hidden files... do I need to show these so they can be deleted or are they ones that should remain there?

2. I received the PendingFileRenameOperations prompt from Killbox

3. I didn't get the additional options on ewido

hope all is still ok for me to proceed
  • 0

#10
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
1. Yes you can delete the hidden files too.
2. Proceed to the next step.
3. It's ok, just proceed.

Edited by Antartic-Boy, 31 October 2006 - 05:14 PM.

  • 0

#11
siaus22

    Member

  • Topic Starter
  • 295 posts
ok done all that.

Below is the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 07:18:16, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.game....net/midasa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141802299015
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab38514.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B01EE5-1E42-4177-B7AD-F0A64A446B6B}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

And below is the ewido log

Logfile of HijackThis v1.99.1
Scan saved at 07:18:16, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.game....net/midasa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141802299015
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab38514.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B01EE5-1E42-4177-B7AD-F0A64A446B6B}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hope this helps. Again, thanks for your help.

#12
Antartic-Boy


And below is the ewido log


It isn't the Ewido Log, it is the HijackThis Log again.

The Ewido Log should be on your desktop; find it and paste it in your next reply.

* Once the scan has completed, there will be a button located at the bottom of the screen named Save report.
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.


Edited by Antartic-Boy, 01 November 2006 - 07:11 AM.


#13
siaus22

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:04:16 01/11/2006

+ Scan result:



HKLM\SOFTWARE\iGlobalMedia -> Adware.AceClubCasino : No action taken.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino -> Adware.AceClubCasino : No action taken.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino -> Adware.AceClubCasino : No action taken.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\options -> Adware.AceClubCasino : No action taken.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\server -> Adware.AceClubCasino : No action taken.
C:\!KillBox\TheGameOfLife-dm.exe -> Adware.Trymedia : No action taken.
C:\Documents and Settings\Simon Austen\My Documents\Amber's\TheGameOfLife-dm.exe -> Adware.Trymedia : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
C:\!KillBox\jwgeufed.dll -> Logger.VBStat.e : No action taken.
C:\!KillBox\srgoieqt.dll -> Logger.VBStat.e : No action taken.
C:\!KillBox\xwqhgkkd.dll -> Logger.VBStat.e : No action taken.
C:\Documents and Settings\Simon Austen\Local Settings\Temp\cwifmxsr.dll -> Logger.VBStat.e : No action taken.
C:\Documents and Settings\Simon Austen\Local Settings\Temp\ehtxbylw.dll -> Logger.VBStat.e : No action taken.
C:\Documents and Settings\Simon Austen\Local Settings\Temp\mhhnmmlx.dll -> Logger.VBStat.e : No action taken.
C:\Documents and Settings\Simon Austen\Local Settings\Temp\nwprjsoq.dll -> Logger.VBStat.e : No action taken.
C:\Documents and Settings\Simon Austen\Local Settings\Temp\srxfsdht.dll -> Logger.VBStat.e : No action taken.
C:\WINDOWS\system32\jwgeufed.dll -> Logger.VBStat.e : No action taken.
C:\WINDOWS\system32\srgoieqt.dll -> Logger.VBStat.e : No action taken.
C:\WINDOWS\system32\xwqhgkkd.dll -> Logger.VBStat.e : No action taken.
:mozilla.853:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.152:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.153:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.154:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.155:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.156:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.157:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.158:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.159:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.160:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.161:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.162:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.163:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.164:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.165:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.166:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.167:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.168:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.169:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.170:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.171:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.172:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.173:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.174:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.175:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.176:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.177:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.178:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.179:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.180:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.181:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.182:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.183:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.184:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.185:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.186:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.187:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.322:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.323:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.901:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B.tmp -> TrackingCookie.2o7 : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25D.tmp -> TrackingCookie.Ad-logics : No action taken.
:mozilla.232:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.233:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.234:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.100:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.101:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.102:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.103:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.434:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.435:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.436:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.437:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.438:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.439:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.466:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.548:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.98:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.99:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A6.tmp -> TrackingCookie.Adserver : No action taken.
:mozilla.54:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.55:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25E.tmp -> TrackingCookie.Adtech : No action taken.
:mozilla.34:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.37:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.38:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq293.tmp -> TrackingCookie.Advertising : No action taken.
:mozilla.320:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adviva : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq260.tmp -> TrackingCookie.Adviva : No action taken.
:mozilla.30:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq262.tmp -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq264.tmp -> TrackingCookie.Bfast : No action taken.
:mozilla.759:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq266.tmp -> TrackingCookie.Bluestreak : No action taken.
:mozilla.894:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.896:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.897:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.389:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.390:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.135:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.136:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.137:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.138:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.139:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.140:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.141:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq269.tmp -> TrackingCookie.Casalemedia : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26B.tmp -> TrackingCookie.Centrport : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq271.tmp -> TrackingCookie.Clickagents : No action taken.
:mozilla.450:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.719:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.720:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.722:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.723:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.711:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq272.tmp -> TrackingCookie.Com : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq273.tmp -> TrackingCookie.Coremetrics : No action taken.
:mozilla.21:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq276.tmp -> TrackingCookie.Doubleclick : No action taken.
:mozilla.497:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.498:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.697:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq279.tmp -> TrackingCookie.Euniverseads : No action taken.
:mozilla.502:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.503:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.392:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.393:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.394:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.395:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.396:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq261.tmp -> TrackingCookie.Falkag : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27B.tmp -> TrackingCookie.Falkag : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27C.tmp -> TrackingCookie.Falkag : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27D.tmp -> TrackingCookie.Falkag : No action taken.
:mozilla.45:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.46:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.47:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.48:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.49:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.50:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.52:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27E.tmp -> TrackingCookie.Fastclick : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq189.tmp -> TrackingCookie.Gator : No action taken.
:mozilla.481:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.483:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.488:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.662:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.767:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.120:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.121:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.122:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.334:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.335:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.336:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.337:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.338:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.573:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.638:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.685:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.686:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.687:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.688:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.690:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.691:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.692:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.693:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.698:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.777:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.778:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.803:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.821:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.863:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.865:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq278.tmp -> TrackingCookie.Hitbox : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq281.tmp -> TrackingCookie.Hitbox : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq282.tmp -> TrackingCookie.Hitbox : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq283.tmp -> TrackingCookie.Hitbox : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq284.tmp -> TrackingCookie.Hitbox : No action taken.
:mozilla.454:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq285.tmp -> TrackingCookie.Hotlog : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq287.tmp -> TrackingCookie.Internetfuel : No action taken.
:mozilla.414:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.415:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.794:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.799:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.800:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq288.tmp -> TrackingCookie.Mainentrypoint : No action taken.
:mozilla.56:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.57:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28A.tmp -> TrackingCookie.Mediaplex : No action taken.
:mozilla.804:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.805:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.461:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.673:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28D.tmp -> TrackingCookie.Paycounter : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28E.tmp -> TrackingCookie.Paypopup : No action taken.
:mozilla.633:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.634:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.635:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.636:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.215:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.219:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.142:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.143:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.144:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq290.tmp -> TrackingCookie.Questionmarket : No action taken.
:mozilla.892:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Realtracker : No action taken.
:mozilla.235:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.236:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.237:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.238:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.239:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.240:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.241:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.242:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.243:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.244:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.245:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.246:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.247:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.248:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.249:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.250:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.251:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.252:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.311:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.312:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq292.tmp -> TrackingCookie.Revenue : No action taken.
:mozilla.314:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.315:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.316:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq277.tmp -> TrackingCookie.Ru4 : No action taken.
:mozilla.281:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.282:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.283:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.284:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.285:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.286:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq268.tmp -> TrackingCookie.Serving-sys : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq294.tmp -> TrackingCookie.Serving-sys : No action taken.
:mozilla.259:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.260:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.261:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq295.tmp -> TrackingCookie.Sexlist : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq296.tmp -> TrackingCookie.Sextracker : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq297.tmp -> TrackingCookie.Sextracker : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq298.tmp -> TrackingCookie.Sextracker : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq299.tmp -> TrackingCookie.Sextracker : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29A.tmp -> TrackingCookie.Sextracker : No action taken.
:mozilla.517:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.518:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.339:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.340:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.341:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.342:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.343:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.344:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.345:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.346:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.347:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.348:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.349:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.350:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.351:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.352:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.353:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.354:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.355:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.356:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.357:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.358:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.359:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.360:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.361:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.362:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.363:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.364:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.365:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.366:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.367:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.368:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.369:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.370:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.371:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.372:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.373:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.374:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.375:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.376:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.377:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.378:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.379:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.6:C:\!KillBox\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.6:C:\Documents and Settings\Christine Austen\Application Data\Mozilla\Firefox\Profiles\x9x53isy.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29C.tmp -> TrackingCookie.Statcounter : No action taken.
:mozilla.648:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.649:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.650:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29D.tmp -> TrackingCookie.Targetnet : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29F.tmp -> TrackingCookie.Thunderdownloads : No action taken.
:mozilla.62:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.63:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.64:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.65:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A0.tmp -> TrackingCookie.Trafficmp : No action taken.
:mozilla.104:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.105:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.111:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A2.tmp -> TrackingCookie.Tribalfusion : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A3.tmp -> TrackingCookie.Valueclick : No action taken.
:mozilla.419:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A5.tmp -> TrackingCookie.Xxxtoolbar : No action taken.
:mozilla.94:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.95:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.96:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.97:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.535:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.536:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.537:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.538:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.539:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.540:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A7.tmp -> TrackingCookie.Zedo : No action taken.


::Report end

Ewido (now AVG according to website) scan results

#14
Antartic-Boy

Ok, let's do the Ewido Scan again..
  • First download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Edited by Antartic-Boy, 02 November 2006 - 12:10 AM.


#15
siaus22

Ok, here's the results
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:06:57 02/11/2006

+ Scan result:



:mozilla.44:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.45:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.46:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.47:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.48:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.20:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.21:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.10:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.11:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.8:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.9:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.59:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Adviva : No action taken.
:mozilla.12:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.37:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.38:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.39:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.40:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.42:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.52:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.35:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.36:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.70:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.71:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.72:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.34:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.31:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.32:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.33:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.53:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.28:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.29:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.30:C:\Documents and Settings\Simon Austen\Application Data\Mozilla\Firefox\Profiles\si1os3w0.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

However, AVAST AV is now reporting that there is a trojan in c:\documents and settings\simon austen\local settings\temp\BJLrmck.dll - but then cannot find the file.

Many thanks