Trojan is driving me NUTS

Comments

• Trogan London, UK

  July 2006 edited July 2006

  Hi Viscera, Welcome to Short-Media!
  
  Sorry for the delay. Since its been a few days, your log may have changed. If you still require help, please post a new HijackThis log.

  0
• Viscera

  July 2006 edited July 2006

  Thanks alot, I removed the exe file to no avail. This is literally driving me over the edge. Any help would be appreciated.
  
  Updated Log:
  
  Logfile of HijackThis v1.99.1
  Scan saved at 1:07:02 PM, on 7/21/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
  C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\VentSrv\ventrilo_svc.exe
  C:\Program Files\VentSrv\ventrilo_srv.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\windows\system\hpsysdrv.exe
  C:\HP\KBD\KBD.EXE
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\hphmon05.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\AGEIA Technologies\TrayIcon.exe
  C:\Program Files\dvd43\dvd43_tray.exe
  C:\WINDOWS\ALCXMNTR.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\America Online 9.0e\waol.exe
  C:\Program Files\America Online 9.0e\shellmon.exe
  C:\WINDOWS\system32\HPZipm12.exe
  c:\program files\common files\aol\1137959279\ee\aolssc.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\Windows Media Player\wmplayer.exe
  C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
  
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
  R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
  O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
  O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
  O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
  O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
  O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
  O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151881651781
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

  0
• Trogan London, UK

  July 2006 edited July 2006

  Viscera, can you do the following:
  
  Please download Ewido to your Desktop or to your usual Download Folder.
  http://www.ewido.net/en/download/

  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

  If you are having problems with the updater, you can use this link to manually update ewido.
  Ewido manual updates.
  Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
  
  
  Click My Computer, then C:\
  In the menu bar, go to File -> New -> Folder.
  That will create a folder named New Folder, which you can rename to "BFU"
  
  Please download Brute Force Uninstaller.
  Unzip it to its own folder (c:\BFU)
  
  Next, RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).
  
  Do not run the Uninstaller and the Remover yet.
  
  
  Please reboot into Safe Mode:
  1) Restart your computer
  2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3) Instead of Windows loading as normal, a menu should appear
  4) Select the first option, to run Windows in Safe Mode.
  
  
  Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.

  • Click on Scanner
  • Click on the Settings tab.
    • Under How to act?
      Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      All checkboxes should be ticked.
    • Under Possibly unwanted software:
      All checkboxes should be ticked.
    • Under Reports:
      Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished:
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

  
  Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe
  
  In the script line to execute field copy and paste c:\bfu\alcanshorty.bfu
  Press execute and let it do its job.
  
  Wait for the complete script execution box to pop up and press OK.
  Press exit to terminate the BFU program.
  
  
  Open HijackThis
  - Click the Do a system scan only button
  - Check the following entries (below)
  
  O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
  O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
  
  O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
  
  - Close ALL open windows (especially Internet Explorer!)
  Click Fix Checked
  
  
  Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

  0
• Viscera

  July 2006 edited July 2006

  Logfile of HijackThis v1.99.1
  Scan saved at 9:31:23 PM, on 7/21/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\VentSrv\ventrilo_svc.exe
  C:\Program Files\VentSrv\ventrilo_srv.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\windows\system\hpsysdrv.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\hphmon05.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\AGEIA Technologies\TrayIcon.exe
  C:\Program Files\dvd43\dvd43_tray.exe
  C:\Program Files\ewido anti-spyware 4.0\ewido.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
  C:\Program Files\America Online 9.0e\waol.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\America Online 9.0e\shellmon.exe
  c:\program files\common files\aol\1137959279\ee\aolssc.exe
  C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
  
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
  R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
  O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
  O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
  O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
  O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
  O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151881651781
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

  0
• Viscera

  July 2006 edited July 2006

  ewido anti-spyware - Scan Report

  ---

  
  + Created at: 9:15:51 PM 7/21/2006
  
  + Scan result:
  
  
  
  C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:avwaw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:azrmj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:uatot -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:unseg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873333.log:gmlwu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873333.log:slmtg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873333.log:uwiid -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873333.log:xmlau -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873333.log:xqxvz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB886185.log:dnxnf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888302.log:nylwr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888302.log:pggrb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888302.log:xouuo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888302.log:zgrvs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890859.log:csvft -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893066.log:wlcxc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\STORYMKR.INI:ejfvb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\SYMEVENT.LOG:dnlwq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\SYMEVENT.LOG:lfldu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\WSST_Screen_Saver.ini:epzfo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\WSST_Screen_Saver.ini:ujbqk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\WSST_Screen_Saver.ini:zdsph -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\WSST_Screen_Saver.ini:zqyjh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\hphmdl02.dat.temp:desnn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.0.old:agena -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.0.old:eeinh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.0.old:hxviw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.0.old:lhyel -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.0.old:scozw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.2.old:dvmjj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.2.old:jxbhm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.2.old:vtaso -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\updspapi.log:lxhyb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\updspapi.log:rtzhb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\updspapi.log:vliyg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\videoimp.ini:xvwnj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
  C:\WINDOWS\DHCPUPG.LOG:djyaf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\DHCPUPG.LOG:eecmp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\DHCPUPG.LOG:icvsj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\DirectX.log:gcsxw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\DirectX.log:ntivq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\DirectX.log:oagfg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\HPHins02.dat.temp:cyxms -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\HPHins02.dat.temp:lwxmz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\HPHins02.dat.temp:royvd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:addla -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:qgbqg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:rnjjk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:wrdcb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\HPOins07.log:ypdly -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\Hposcv07.INI:oojhs -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB867282.log:nuafq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB867282.log:scpiy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873333.log:cehza -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873333.log:idenb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873333.log:mdwxf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB873339.log:qvugl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB885835.log:ayjkx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB885835.log:xakne -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB885835.log:ypdly -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB885836.log:hrymn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB885836.log:royvd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB885836.log:xdsjt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB885836.log:znndo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB886185.log:fyttz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB886185.log:iooti -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB886185.log:roohq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB886185.log:xohdy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB886185.log:zriov -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887472.log:maies -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887472.log:tzuxz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887472.log:vnpmd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887742.log:eekrx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887742.log:guqvo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887742.log:vckoc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887742.log:xintf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887742.log:xoqsb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB887742.log:xxrte -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888113.log:luebn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888113.log:xqjti -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888302.log:hkqbu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888302.log:oekay -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888302.log:txfmw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB888302.log:zdowo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890047.log:yetvm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890175.log:gpixt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890175.log:zvgaj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890859.log:mbnig -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890859.log:uwjnk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890923.log:ejxvi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890923.log:kdray -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890923.log:xyorg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB890923.log:ycyut -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB891781.log:zcasy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893066.log:egqph -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893066.log:fjmjq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893066.log:iqnbc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893066.log:itifd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893066.log:tuesw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893066.log:uudpb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893066.log:yzwon -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893086.log:ahjjy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893086.log:cdbfb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893086.log:diqsy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893086.log:erldf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893086.log:ipxek -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893803.log:mksgd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893803.log:xqdek -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\KB893803.log:zgxsi -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\LPT$VPN.735:qkrve -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\NeroDigital.ini:allso -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\NeroDigital.ini:flova -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\NeroDigital.ini:znxvt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\Q810243.log:ohhrh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\Quicken.ini:pcrbk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\Quicken.ini:ueawy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\Quicken.ini:yggaz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\STORYMKR.INI:hspcj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\STORYMKR.INI:pvxqp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\SYMEVENT.LOG:ktoyk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\SYMEVENT.LOG:kyhii -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\SYMEVENT.LOG:tdben -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup(2).ini:ghbjg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup(2).ini:pelhl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup(2).ini:qebop -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup(2).ini:ywocg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup.ini:cohry -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup.ini:pelhl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup.ini:qebop -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\WININIT.INI:ucmjx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\atid.ini:bcdaw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\atid.ini:ixwwk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\atid.ini:ydrad -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\atid.ini:yqhaf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\cdplayer.ini:mdgco -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\cdplayer.ini:muxjl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\cdplayer.ini:rxsgg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\cdplayer.ini:rzans -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\checkip.dat:mrtpp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\hphmdl02.dat.temp:lepxn -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\hphmdl02.dat.temp:ozyic -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\hphmdl02.dat.temp:skrnt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\hphmdl02.dat.temp:zwjag -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\iPlayer.INI:auwpm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\iPlayer.INI:fcfgp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\iPlayer.INI:kotch -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\iPlayer.INI:lkguf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\iPlayer.INI:ntrwa -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\iPlayer.INI:xovwd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\ipconfig.dat:dofev -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\ipconfig.dat:mvhqg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\jhpdd.dat:gobil -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\jhpdd.dat:kpytk -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\jhpdd.dat:pbyir -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\jhpdd.dat:vdjcz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\jkspr.log:kzzkp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\jkspr.log:moubo -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\jkspr.log:plmae -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\ka.ini:vwzxl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\mozver.dat:jtyqr -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\mozver.dat:kdxmy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\mozver.dat:sohbh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\msoffice.ini:iyyic -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\msoffice.ini:muuqm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\msoffice.ini:nseoc -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\msoffice.ini:zlywa -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\njacy.log:bustw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\nsreg.dat:mcztj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\nsreg.dat:pmeqx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\nsreg.dat:snbqm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\ntbtlog.txt:cwzii -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\pss\system.ini.backup:ohjwz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\pss\system.ini.backup:pemhp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\pss\win.ini.backup:aspau -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\pss\win.ini.backup:bqrei -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\pss\win.ini.backup:ipodp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\pss\win.ini.backup:wtzej -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.0.old:aqnvp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.0.old:mmpdz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.0.old:sujrs -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.1.old:fckoe -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.2.old:ekamx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.2.old:rjxcu -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\setupapi.log.2.old:ymypg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\tsc.ptn:ffwlg -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\unwash.mld:ckqtv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\unwash.mld:cxhjb -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\unwash.mld:wpebs -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\updspapi.log:mudxq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\updspapi.log:suwub -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\updspapi.log:vlutw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\updspapi.log:ydqai -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\upst.ini:ficim -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\upst.ini:vupyp -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\upst.ini:xeddh -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\videoimp.ini:cvczx -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\videoimp.ini:gjtne -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\videoimp.ini:gnljd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\videoimp.ini:hcqay -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\videoimp.ini:qirjt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\videoimp.ini:vylry -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\webshots.bmp:nmonhe -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  C:\WINDOWS\webshots.bmp:upsws -> Downloader.Agent.bq : Cleaned with backup (quarantined).
  :mozilla.130:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.131:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.132:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.133:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.134:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.135:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.136:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.137:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.138:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  :mozilla.212:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@efashionsolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@livenation.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@raymoursfurniturecompanyinc.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
  :mozilla.48:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
  :mozilla.50:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
  :mozilla.51:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
  :mozilla.52:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
  :mozilla.53:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
  :mozilla.54:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
  :mozilla.186:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
  :mozilla.187:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
  :mozilla.357:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
  :mozilla.358:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
  :mozilla.18:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
  :mozilla.27:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
  :mozilla.28:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
  :mozilla.29:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
  :mozilla.30:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
  :mozilla.7:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
  :mozilla.230:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
  :mozilla.183:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
  :mozilla.15:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
  :mozilla.82:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
  :mozilla.83:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
  :mozilla.112:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
  :mozilla.113:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
  :mozilla.116:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
  :mozilla.117:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
  :mozilla.302:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
  :mozilla.303:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
  :mozilla.239:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
  :mozilla.61:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfk4ald5ehq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wgkykmdzweo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
  :mozilla.16:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
  :mozilla.125:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
  :mozilla.171:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
  :mozilla.172:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
  :mozilla.327:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
  :mozilla.334:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
  :mozilla.345:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
  :mozilla.346:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
  :mozilla.347:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
  :mozilla.348:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
  :mozilla.248:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
  :mozilla.249:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
  :mozilla.74:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
  :mozilla.67:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
  :mozilla.7:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\47mfy7ft.Matthew John\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
  :mozilla.8:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\47mfy7ft.Matthew John\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
  :mozilla.300:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
  :mozilla.338:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
  :mozilla.339:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
  :mozilla.340:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
  :mozilla.123:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
  :mozilla.124:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
  :mozilla.200:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
  :mozilla.201:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
  :mozilla.202:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
  :mozilla.203:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
  :mozilla.204:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
  :mozilla.184:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
  :mozilla.359:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
  :mozilla.360:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
  :mozilla.56:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
  :mozilla.57:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
  :mozilla.58:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
  :mozilla.59:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
  :mozilla.60:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
  :mozilla.257:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
  :mozilla.258:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
  :mozilla.259:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
  :mozilla.182:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  :mozilla.20:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  :mozilla.22:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  :mozilla.23:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  :mozilla.24:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  :mozilla.25:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  :mozilla.26:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
  :mozilla.87:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
  :mozilla.31:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  :mozilla.32:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  :mozilla.33:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  :mozilla.34:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  :mozilla.35:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  :mozilla.36:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  :mozilla.37:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  :mozilla.38:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
  :mozilla.62:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
  :mozilla.63:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
  :mozilla.64:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
  :mozilla.65:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
  :mozilla.66:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
  :mozilla.21:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
  :mozilla.251:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
  :mozilla.43:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
  :mozilla.44:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
  :mozilla.45:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
  :mozilla.46:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
  :mozilla.47:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
  C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
  :mozilla.225:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
  :mozilla.226:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup(2).ini:ulwhnu -> Trojan.Agent.bi : Cleaned with backup (quarantined).
  C:\WINDOWS\VGAsetup.ini:ulwhnu -> Trojan.Agent.bi : Cleaned with backup (quarantined).
  C:\WINDOWS\upst.ini:ckdclk -> Trojan.Agent.bi : Cleaned with backup (quarantined).
  
  
  ::Report end

  0
• Trogan London, UK

  July 2006 edited July 2006

  Can you do the following:
  
  Update your Java.
  Older versions have vulnerabilities that malware can use to infect your system.
  Please follow these steps to remove older version Java components.

  • Close any programmes you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.

  Then download the latest version of Java Runtime Environment, and install it to your computer.
  
  =====
  
  Please run this online scan:
  
  Panda ActiveScan
  
  - Once you are on the Panda site, click the Scan your PC button
  - A new window will open...click the Check Now button
  - Enter your Country
  - Enter your State/Province
  - Enter your e-mail address and click send
  - Select either Home User or Company
  - Click the big Scan Now button
  - If it wants to install an ActiveX component allow it
  - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  - When download is complete, click on Local Disks to start the scan
  - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  
  Post the contents of the Panda scan report, along with a new HijackThis Log
  
  I would like to see another log from HijackThis

  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button. It will open a Notepad file.
  • Copy & Paste the entire contents of that file in your in your next post.

  
  
  Let me know how things are.

  0
• Viscera

  July 2006 edited July 2006

  Thanks for your efforts.
  
  Active Scan:
  
  Incident Status Location
  
  Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.2o7.net/]
  Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.maxserving.com/]
  Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.belnk.com/]
  Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.adopt.hbmediapro.com/]
  Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.winfixer.com/]
  Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.realmedia.com/]
  Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.atwola.com/]
  Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\tizupd.bin[Mshtml3.exe]
  Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt
  Spyware:Cookie/Admotion Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@admotion.com[2].txt
  Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@anm.co[2].txt
  Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[1].txt
  Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@belnk[1].txt
  Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[1].txt
  Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cdfreaks[1].txt
  Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@club.cdfreaks[2].txt
  Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ct.360i[2].txt
  Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@dist.belnk[2].txt
  Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@go[2].txt
  Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@maxserving[2].txt
  Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@offeroptimizer[2].txt
  Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@outster[2].txt
  Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@perf.overture[1].txt
  Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt
  Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@server.iad.liveperson[2].txt
  Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@toplist[1].txt
  Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[1].txt
  Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@xiti[1].txt
  Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@belnk[1].txt
  Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@dist.belnk[2].txt
  Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
  Adware:Adware/Look2Me Not disinfected C:\WINDOWS\Downloaded Program Files\pinstall.dll
  Adware:adware/searchaid Not disinfected C:\WINDOWS\sdkrm32.exe
  Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\f3PSSavr.scr
  Hijack This Log:
  
  
  Logfile of HijackThis v1.99.1
  Scan saved at 10:27:40 AM, on 7/22/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\VentSrv\ventrilo_svc.exe
  C:\Program Files\VentSrv\ventrilo_srv.exe
  C:\windows\system\hpsysdrv.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\hphmon05.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\AGEIA Technologies\TrayIcon.exe
  C:\Program Files\dvd43\dvd43_tray.exe
  C:\Program Files\ewido anti-spyware 4.0\ewido.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
  C:\WINDOWS\System32\svchost.exe
  c:\program files\common files\aol\1137959279\ee\aolssc.exe
  C:\Program Files\America Online 9.0e\waol.exe
  C:\Program Files\America Online 9.0e\shellmon.exe
  C:\Program Files\hijackthis\HijackThis.exe
  
  R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
  O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
  O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
  O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
  O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
  O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
  O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
  O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151881651781
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
  
  
  
  
  
  Misc Tools HiJackThis List:
  Adobe Bridge 1.0
  Adobe Common File Installer
  Adobe Help Center 1.0
  Adobe Photoshop CS2
  Adobe Reader 7.0
  Adobe Stock Photos 1.0
  AGEIA PhysX v2.4.3
  Agere Systems PCI Soft Modem
  America Online (Choose which version to remove)
  AOL Coach Version 2.0(Build:20041026.5 en)
  AOL Deskbar
  AOL Toolbar
  AOL Uninstaller (Choose which Products to Remove)
  AOL You've Got Pictures Screensaver
  ArcSoft PhotoImpression 5
  ATI - Software Uninstall Utility
  ATI Control Panel
  ATI Display Driver
  Audacity 1.2.4
  Creative WebCam Center
  Creative WebCam Instant Driver (1.01.02.0729)
  DivX
  DivX Converter
  DivX Player
  DivX Web Player
  DVD Decrypter (Remove Only)
  DVD Shrink 3.2
  DVD43 v3.9.0
  ewido anti-spyware 4.0
  GdiplusUpgrade
  Google Toolbar for Internet Explorer
  High Definition Audio Driver Package - KB835221
  HijackThis 1.99.1
  HP Software Update
  HydraVision
  InterVideo DiscLabel
  InterVideo WinDVD Creator
  InterVideo WinDVD Player
  iTunes
  iVisit 3.5.4
  J2SE Runtime Environment 5.0 Update 7
  KBD
  LiveUpdate 2.5 (Symantec Corporation)
  Macromedia Flash Player 8
  Macromedia Shockwave Player
  Microsoft .NET Framework 1.1
  Microsoft Office XP Professional with FrontPage
  Microsoft Plus! Digital Media Edition Installer
  Microsoft Plus! Photo Story 2 LE
  Microsoft Visual J# .NET Redistributable Package 1.1
  Microsoft Works
  Mozilla Firefox (1.5)
  Nero 7 Demo
  Nero Suite
  NVIDIA GART Driver
  Panda ActiveScan
  PC-Doctor for Windows
  Photosmart 140,240,7200,7600,7700,7900 Series
  PS2
  Pure Networks Port Magic
  Python 2.2 combined Win32 extensions
  Python 2.2.1
  QuickTime
  RealPlayer
  Security Update for Step By Step Interactive Training (KB898458)
  Security Update for Windows Media Player (KB911564)
  Security Update for Windows Media Player 10 (KB917734)
  Security Update for Windows XP (KB890046)
  Security Update for Windows XP (KB893756)
  Security Update for Windows XP (KB896358)
  Security Update for Windows XP (KB896422)
  Security Update for Windows XP (KB896423)
  Security Update for Windows XP (KB896424)
  Security Update for Windows XP (KB896428)
  Security Update for Windows XP (KB899587)
  Security Update for Windows XP (KB899591)
  Security Update for Windows XP (KB900725)
  Security Update for Windows XP (KB901017)
  Security Update for Windows XP (KB901214)
  Security Update for Windows XP (KB902400)
  Security Update for Windows XP (KB904706)
  Security Update for Windows XP (KB905414)
  Security Update for Windows XP (KB905749)
  Security Update for Windows XP (KB908519)
  Security Update for Windows XP (KB911562)
  Security Update for Windows XP (KB911567)
  Security Update for Windows XP (KB911927)
  Security Update for Windows XP (KB912919)
  Security Update for Windows XP (KB913580)
  Security Update for Windows XP (KB914388)
  Security Update for Windows XP (KB914389)
  Security Update for Windows XP (KB916281)
  Security Update for Windows XP (KB917159)
  Security Update for Windows XP (KB917344)
  Security Update for Windows XP (KB917953)
  Security Update for Windows XP (KB918439)
  Skype 2.5
  TeamSpeak 2 RC2
  Update for Windows XP (KB894391)
  Update for Windows XP (KB898461)
  Update for Windows XP (KB900485)
  Update for Windows XP (KB908531)
  Update for Windows XP (KB910437)
  Update for Windows XP (KB911280)
  Update for Windows XP (KB916595)
  Ventrilo Client
  Ventrilo Server
  Viewpoint Media Player
  Winamp (remove only)
  Windows Installer 3.1 (KB893803)
  Windows Media Format Runtime
  Windows Media Player 10
  Windows XP Hotfix - KB873339
  Windows XP Hotfix - KB883667
  Windows XP Hotfix - KB885835
  Windows XP Hotfix - KB885836
  Windows XP Hotfix - KB885884
  Windows XP Hotfix - KB886185
  Windows XP Hotfix - KB887472
  Windows XP Hotfix - KB887742
  Windows XP Hotfix - KB888113
  Windows XP Hotfix - KB888302
  Windows XP Hotfix - KB890859
  Windows XP Hotfix - KB891781
  World of Warcraft

  0
• Trogan London, UK

  July 2006 edited July 2006

  Sorry for the delay...
  
  Go to Start > Control Panel > Internet Options.
  Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK
  
  Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked and then press "OK" to remove:
  

  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin

  =====
  
  Go to Start > Run > type: appwiz.cpl. Next, check if the following are in the list:
  

  • PuritySCAN By OIN
  • OuterInfo
  • OIN or similar.

  If so, click on it and click remove.
  Reboot your computer and delete this folder if found:
  C:\Program Files\PurityScan
  
  If any of the above are not listed, download and run this uninstaller:
  Uninstaller
  
  Tutorial for the uninstaller if needed
  
  Reboot when done and delete this folder if found:
  C:\Program Files\PurityScan
  
  =====
  
  Download L2mfix from one of these two locations:
  
  http://www.atribune.org/downloads/l2mfix.exe
  http://www.downloads.subratam.org/l2mfix.exe
  
  Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
  
  IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

  0
• Viscera

  July 2006 edited July 2006

  Thanks again for going through all this, alas it is still popping up.
  
  L2MFIX find log 051206
  These are the registry keys present
  **********************************************************************************
  Winlogon/notify:
  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
  "DLLName"="Ati2evxx.dll"
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000001
  "Lock"="AtiLockEvent"
  "Logoff"="AtiLogoffEvent"
  "Logon"="AtiLogonEvent"
  "Disconnect"="AtiDisConnectEvent"
  "Reconnect"="AtiReConnectEvent"
  "Safe"=dword:00000000
  "Shutdown"="AtiShutdownEvent"
  "StartScreenSaver"="AtiStartScreenSaverEvent"
  "StartShell"="AtiStartShellEvent"
  "Startup"="AtiStartupEvent"
  "StopScreenSaver"="AtiStopScreenSaverEvent"
  "Unlock"="AtiUnLockEvent"
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000000
  "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
  "Logoff"="ChainWlxLogoffEvent"
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000000
  "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Logoff"="CryptnetWlxLogoffEvent"
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  "DLLName"="cscdll.dll"
  "Logon"="WinlogonLogonEvent"
  "Logoff"="WinlogonLogoffEvent"
  "ScreenSaver"="WinlogonScreenSaverEvent"
  "Startup"="WinlogonStartupEvent"
  "Shutdown"="WinlogonShutdownEvent"
  "StartShell"="WinlogonStartShellEvent"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000001
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
  @=""
  "DLLName"="igfxsrvc.dll"
  "Asynchronous"=dword:00000001
  "Impersonate"=dword:00000001
  "Unlock"="WinlogonUnlockEvent"
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  "DLLName"="wlnotify.dll"
  "Logon"="SCardStartCertProp"
  "Logoff"="SCardStopCertProp"
  "Lock"="SCardSuspendCertProp"
  "Unlock"="SCardResumeCertProp"
  "Enabled"=dword:00000001
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  "Asynchronous"=dword:00000000
  "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Impersonate"=dword:00000000
  "StartShell"="SchedStartShell"
  "Logoff"="SchedEventLogOff"
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  "Logoff"="WLEventLogoff"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000001
  "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  "DLLName"="WlNotify.dll"
  "Lock"="SensLockEvent"
  "Logon"="SensLogonEvent"
  "Logoff"="SensLogoffEvent"
  "Safe"=dword:00000001
  "MaxWait"=dword:00000258
  "StartScreenSaver"="SensStartScreenSaverEvent"
  "StopScreenSaver"="SensStopScreenSaverEvent"
  "Startup"="SensStartupEvent"
  "Shutdown"="SensShutdownEvent"
  "StartShell"="SensStartShellEvent"
  "PostShell"="SensPostShellEvent"
  "Disconnect"="SensDisconnectEvent"
  "Reconnect"="SensReconnectEvent"
  "Unlock"="SensUnlockEvent"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  "Asynchronous"=dword:00000000
  "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Impersonate"=dword:00000000
  "Logoff"="TSEventLogoff"
  "Logon"="TSEventLogon"
  "PostShell"="TSEventPostShell"
  "Shutdown"="TSEventShutdown"
  "StartShell"="TSEventStartShell"
  "Startup"="TSEventStartup"
  "MaxWait"=dword:00000258
  "Reconnect"="TSEventReconnect"
  "Disconnect"="TSEventDisconnect"
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
  "Logon"="WLEventLogon"
  "Logoff"="WLEventLogoff"
  "Startup"="WLEventStartup"
  "Shutdown"="WLEventShutdown"
  "StartScreenSaver"="WLEventStartScreenSaver"
  "StopScreenSaver"="WLEventStopScreenSaver"
  "Lock"="WLEventLock"
  "Unlock"="WLEventUnlock"
  "StartShell"="WLEventStartShell"
  "PostShell"="WLEventPostShell"
  "Disconnect"="WLEventDisconnect"
  "Reconnect"="WLEventReconnect"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000000
  "SafeMode"=dword:00000001
  "MaxWait"=dword:ffffffff
  "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Event"=dword:00000000
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
  "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
  00,00,1d,81,f9,83,f0,52,3a,49,88,01,d2,ba,8a,ab,ee,de,04,00,00,00,04,00,00,\
  00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,09,c8,a0,93,63,d2,b2,c1,\
  62,cf,d1,f8,b8,43,74,56,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,5b,\
  ed,15,62,28,0e,97,3d,74,34,f4,d2,b1,75,ad,03,b0,01,00,00,f6,11,38,ff,47,e4,\
  fa,af,33,7a,87,4b,95,24,ed,c5,a5,ba,e0,bf,cc,98,90,ff,5b,43,24,cf,6b,4a,a2,\
  32,db,b4,e1,ab,bb,fa,ec,34,a8,8f,1e,cb,d7,c9,02,90,be,ef,0e,63,c3,7d,fe,08,\
  50,e0,d7,4f,5a,d7,d4,1f,ed,0d,6e,f5,ed,c8,d7,49,1d,f5,df,02,15,6c,da,dd,6d,\
  3a,22,66,04,8f,af,59,04,c7,e1,4e,fc,a4,de,e2,e7,ec,98,fa,60,f5,6a,bf,aa,31,\
  1b,52,ca,ad,42,6f,99,fc,e2,37,ed,fd,7d,a1,4a,b1,d8,87,ce,29,33,c0,1e,30,06,\
  50,b9,32,ad,0c,71,ee,6b,02,33,7d,e2,7f,83,6f,4e,5a,a9,5d,6f,01,e1,50,d5,da,\
  d2,1c,39,b9,e8,10,4c,60,fa,97,26,7d,a2,19,19,50,36,5a,bb,e0,df,f1,79,be,4a,\
  1d,93,95,e6,1e,e3,db,2e,24,0c,d6,bd,ed,47,b2,39,be,1f,2c,8f,f7,73,06,8d,04,\
  1a,47,9d,fe,2f,27,12,bb,c9,c0,b1,85,33,7c,3d,b2,e0,a4,77,6b,0d,f7,7c,a1,dd,\
  ab,e4,a8,5a,f7,85,53,35,5d,71,e8,96,c4,5d,de,3e,20,d0,ca,ff,d9,d6,17,4c,14,\
  9e,15,e5,39,b3,0e,1f,69,c0,8f,20,b8,d6,8d,e3,0f,25,36,85,26,07,0e,72,af,3c,\
  68,e8,f3,0a,36,68,b6,f4,ed,99,20,f3,19,5c,37,0e,9a,eb,e8,61,bc,0a,a9,13,e1,\
  bb,57,09,30,9b,02,3b,5f,25,e6,30,8a,29,69,59,1a,69,9d,05,bd,3c,36,d6,1d,6a,\
  56,3d,5d,67,2f,11,04,fb,1c,e5,cc,2b,a2,b5,6a,b0,db,a6,24,92,38,15,94,98,57,\
  59,4f,7e,eb,1b,3d,24,c2,0d,68,ff,a7,e3,a6,d5,d8,bf,1f,55,28,42,70,24,09,10,\
  e9,76,07,eb,27,80,ed,8a,f7,dd,75,9b,7d,f8,41,b0,55,aa,04,cd,ab,d5,72,36,62,\
  71,b7,67,1a,7d,2e,6a,fd,e6,aa,aa,fa,6c,b7,8a,57,c6,7d,2e,3f,ec,8c,54,a0,77,\
  8e,14,00,00,00,69,e9,ad,34,75,03,0c,23,fd,3d,e2,9e,17,b7,ec,d2,d3,38,2d,0e
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  "DLLName"="wlnotify.dll"
  "Logon"="RegisterTicketExpiredNotificationEvent"
  "Logoff"="UnregisterTicketExpiredNotificationEvent"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001
  
  **********************************************************************************
  useragent:
  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  "SV1"=""
  
  **********************************************************************************
  Shell Extension key:
  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
  "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
  "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
  "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
  "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
  "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
  "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
  "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
  "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
  "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
  "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
  "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
  "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
  "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
  "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
  "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
  "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
  "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
  "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
  "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
  "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
  "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
  "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
  "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
  "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
  "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
  "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
  "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
  "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
  "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
  "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
  "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
  "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
  "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
  "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
  "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
  "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
  "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
  "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
  "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
  "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
  "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
  "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
  "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
  "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
  "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
  "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
  "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
  "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
  "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
  "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
  "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
  "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
  "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
  "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
  "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
  "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
  "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
  "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
  "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
  "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
  "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
  "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
  "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
  "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
  "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
  "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
  "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
  "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
  "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
  "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
  "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
  "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
  "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
  "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
  "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
  "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
  "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
  "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
  "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
  "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
  "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
  "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
  "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
  "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
  "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
  "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
  "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
  "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
  "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
  "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
  "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
  "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
  "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
  "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
  "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
  "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
  "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
  "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
  "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
  "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
  "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
  "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
  "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
  "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
  "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
  "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
  "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
  "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
  "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
  "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
  "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
  "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
  "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
  "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
  "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
  "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
  "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
  "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
  "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
  "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
  "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
  "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
  "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
  "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
  "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
  "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
  "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
  "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
  "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
  "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
  "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
  "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
  "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
  "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
  "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
  "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
  "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
  "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
  "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
  "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
  "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
  "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
  "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
  "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
  "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
  "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
  "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
  "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
  "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
  "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
  "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
  "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
  "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
  "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
  "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
  "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
  "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
  "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
  "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
  "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
  "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
  "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
  "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
  "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
  "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
  "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
  "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
  "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
  "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
  "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
  "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
  "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
  "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
  "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
  "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
  "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
  "{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
  "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
  "{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
  "{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
  "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
  
  **********************************************************************************
  HKEY ROOT CLASSIDS:
  **********************************************************************************
  Files Found are not all bad files:
  
  C:\WINDOWS\SYSTEM32\
  ag9726~1.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  agacaa~1.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  agcpan~1.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  agcpan~2.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  agcpan~3.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  agcpan~4.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  age5a0~1.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  age927~1.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  age9e8~1.dll Mon May 1 2006 2:56:26p A.... 45,056 44.00 K
  aoldial.dll Wed May 31 2006 7:53:34p A.... 104,008 101.57 K
  browseui.dll Wed May 10 2006 1:23:00a A.... 1,022,976 999.00 K
  cdfview.dll Wed May 10 2006 1:23:00a A.... 151,040 147.50 K
  danim.dll Wed May 10 2006 1:23:00a A.... 1,054,208 1.00 M
  dhcpcsvc.dll Fri May 19 2006 8:59:42a A.... 111,616 109.00 K
  dnsapi.dll Fri May 19 2006 8:59:42a A.... 148,480 145.00 K
  dxtmsft.dll Wed May 10 2006 1:23:00a A.... 357,888 349.50 K
  dxtrans.dll Wed May 10 2006 1:23:00a A.... 205,312 200.50 K
  extmgr.dll Wed May 10 2006 1:23:00a A.... 55,808 54.50 K
  iepeers.dll Wed May 10 2006 1:23:00a A.... 251,392 245.50 K
  inseng.dll Wed May 10 2006 1:23:00a A.... 96,256 94.00 K
  iphlpapi.dll Fri May 19 2006 8:59:42a A.... 94,720 92.50 K
  jgdw400.dll Thu Jun 1 2006 2:47:08p A.... 163,840 160.00 K
  jgpl400.dll Thu Jun 1 2006 2:47:08p A.... 27,648 27.00 K
  jscript.dll Thu May 18 2006 1:24:26a A.... 450,560 440.00 K
  jsproxy.dll Wed May 10 2006 1:23:00a A.... 16,384 16.00 K
  legitc~1.dll Mon Jun 19 2006 4:19:42p ..... 571,184 557.80 K
  mshtml.dll Fri May 19 2006 11:08:32a A.... 3,052,544 2.91 M
  mshtmled.dll Wed May 10 2006 1:23:02a A.... 448,512 438.00 K
  msrating.dll Wed May 10 2006 1:23:02a A.... 146,432 143.00 K
  mstime.dll Wed May 10 2006 1:23:02a A.... 532,480 520.00 K
  pngfilt.dll Wed May 10 2006 1:23:02a A.... 39,424 38.50 K
  rasmans.dll Thu Jun 22 2006 6:47:18a A.... 181,248 177.00 K
  shdocvw.dll Mon May 29 2006 11:30:34a A.... 1,494,016 1.42 M
  shlwapi.dll Wed May 10 2006 1:23:02a A.... 474,112 463.00 K
  urlmon.dll Wed May 10 2006 1:23:02a A.... 613,888 599.50 K
  wgalogon.dll Mon Jun 19 2006 4:20:42p ..... 702,768 686.30 K
  wininet.dll Wed May 10 2006 1:23:04a A.... 658,432 643.00 K
  wmp.dll Sat Apr 29 2006 6:07:48a A.... 5,533,696 5.28 M
  xpsp3res.dll Thu May 11 2006 4:23:24a ..... 24,576 24.00 K
  
  39 items found: 39 files, 0 directories.
  Total of file sizes: 19,190,952 bytes 18.30 M
  Locate .tmp files:
  
  No matches found.
  **********************************************************************************
  Directory Listing of system files:
  Volume in drive C is PRESARIO
  Volume Serial Number is ECE4-E428
  
  Directory of C:\WINDOWS\System32
  
  07/23/2006 09:52 AM <DIR> ..
  07/23/2006 09:52 AM <DIR> .
  07/12/2006 05:52 PM <DIR> dllcache
  10/22/2004 12:11 AM <DIR> Microsoft
  0 File(s) 0 bytes
  4 Dir(s) 169,718,198,272 bytes free

  0
• Trogan London, UK

  July 2006 edited July 2006

  That log is clean. Can you do the following:
  
  View hidden files and folders:

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

  
  Next, Find and Delete the following:
  
  C:\Documents and Settings\Compaq_Owner\Application Data\tizupd.bin << this file
  C:\WINDOWS\Downloaded Program Files\pinstall.dll << this file
  C:\WINDOWS\sdkrm32.exe << this file
  
  
  Reboot your computer! Please scan with Panda again and save a logfile. Post that log here, along with a new HijackThis log please.

  0
• Viscera

  July 2006 edited July 2006

  Incident Status Location
  
  Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[statse.webtrendslive.com/]
  Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.maxserving.com/]
  Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.atdmt.com/]
  Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.maxserving.com/]
  Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[servedby.advertising.com/]
  Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.advertising.com/]
  Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[servedby.advertising.com/]
  Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.advertising.com/]
  Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.trafficmp.com/]
  Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.doubleclick.net/]
  Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.tribalfusion.com/]
  Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[ad.yieldmanager.com/]
  Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.as-us.falkag.net/]
  Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.serving-sys.com/]
  Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.adrevolver.com/]
  Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.mediaplex.com/]
  Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[www.burstbeacon.com/]
  Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.outster.com/]
  Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.fastclick.net/]
  Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.2o7.net/]
  Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.belnk.com/]
  Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.adopt.hbmediapro.com/]
  Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.winfixer.com/]
  Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.realmedia.com/]
  Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o9641581.default\cookies.txt[.atwola.com/]
  Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt
  Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt
  Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[2].txt
  Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@maxserving[2].txt
  Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[2].txt
  Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt
  Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@belnk[1].txt
  Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@dist.belnk[2].txt
  Logfile of HijackThis v1.99.1
  Scan saved at 11:23:11 AM, on 7/24/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\VentSrv\ventrilo_svc.exe
  C:\Program Files\VentSrv\ventrilo_srv.exe
  C:\windows\system\hpsysdrv.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\hphmon05.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\AGEIA Technologies\TrayIcon.exe
  C:\Program Files\dvd43\dvd43_tray.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\ewido anti-spyware 4.0\ewido.exe
  C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
  C:\Program Files\America Online 9.0e\waol.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\America Online 9.0e\shellmon.exe
  c:\program files\common files\aol\1137959279\ee\aolssc.exe
  C:\Program Files\hijackthis\HijackThis.exe
  
  R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
  O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
  O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
  O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
  O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
  O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
  O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
  O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151881651781
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
  
  Thanks for this I really appreciate it. While running Panda the warning popped upand blocked it 22 times.

  0
• Trogan London, UK

  July 2006 edited July 2006

  I'm a bit confused here. What exactly popped up and what keeps popping up? Is it an infected file? Please give me some details.
  
  Can you do the following.
  
  Download ATF (Atribune Temp File) Cleaner© by Atribune
  It is a stand-alone program that does not need to be "installed". Save it to a convenient location; your desktop would be a better place.
  
  Double-click ATF Cleaner.exe
  Under Main choose:
  Windows Temp
  Current User Temp
  All Users Temp
  Temporary Internet Files
  Prefetch
  Java Cache
  *The other boxes are optional*
  Then click the Empty Selected button.
  
  Firefox:
  Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
  
  Click Exit on the Main menu to close the program.
  
  For Technical Support, double-click the e-mail address located at the bottom of each menu

  0
• Viscera

  July 2006 edited July 2006

  These are the prompts I get over and over and over again....

  Spyware.jpg 56.2K

  Spyware2.jpg 176.7K

  0
• Trogan London, UK

  July 2006 edited July 2006

  They could be false positives, since all the other scans come up clean. I wouldn't rely on AOL too much as I've heard some bad things about them.
  
  With that said, we ran Purityscan which should have cleaned up the clickspring adware shown in the second image.
  
  Can you find out what the location of the file is please?
  
  Try this:
  
  Please download Ad-Aware SE and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
  
  1) Run Ad-Aware, and click Check for updates now.
  
  2) Select Configurations (click the Gear wheel at the top) as follows:

  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

  Click Proceed.
  
  3) To start the scan, Click > "Scan Now" at left

  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next

  4) When the scan has completed, select Next.

  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer.

  After scanning with Ad-Aware, please scan with SpyBot - Search & Destroy
  
  
  Download Spybot - Search & Destroy from here.

  1. Download and Install Spybot S&D (if you haven't already), accept the Default Settings
     
  2. In the Menu Bar at the top of the Spybot window you will see 'Mode'.
     Make certain that 'default mode' has a check mark beside it.
     
  3. Close ALL windows except Spybot S&D
     
  4. Click the button to ‘Search for Updates’ then download and install the updates.
     
  5. Next click the button ‘Check for Problems'
     
  6. When Spybot is complete, it will be showing 'RED' entries, bold 'BLACK' entries and 'GREEN' entries in the window
     
  7. Make certain there is a check mark beside all of the RED entries ONLY.
     
  8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
     
  9. REBOOT normally to complete the scan and clear memory.

  0
• Viscera

  July 2006 edited July 2006

  Logfile of HijackThis v1.99.1
  Scan saved at 2:43:43 PM, on 7/24/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
  C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\VentSrv\ventrilo_svc.exe
  C:\Program Files\VentSrv\ventrilo_srv.exe
  C:\windows\system\hpsysdrv.exe
  C:\HP\KBD\KBD.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\WINDOWS\system32\hphmon05.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
  C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\AGEIA Technologies\TrayIcon.exe
  C:\Program Files\dvd43\dvd43_tray.exe
  C:\Program Files\ewido anti-spyware 4.0\ewido.exe
  C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\System32\svchost.exe
  c:\program files\common files\aol\1137959279\ee\aolssc.exe
  C:\Program Files\hijackthis\HijackThis.exe
  
  R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
  O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
  O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137959279\ee\AOLSoftware.exe
  O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
  O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
  O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
  O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
  O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
  O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
  O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
  O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
  O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151881651781
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
  O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1137959279\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
  
  I fear you are correct about it being a false positive. There is no way anything could survive the things you have had me do.

  0
• Trogan London, UK

  July 2006 edited July 2006

  I believe it is. Does AOL say where the file is located?
  
  Can you do this:
  
  Please print out this instructions as you should have all open windows and programs closed when running the scan.
  
  Step 1.
  ==========
  - Please download F-Secure's trial Blacklight from here
  - Print out the help page for guidance. It will be found here
  - Click the "I Accept" button at the the license agreement
  - Click the "Download" button to start the download
  - Save it to your Desktop
  
  Step 2.
  ==========
  - Double-click the blbeta.exe file on your Desktop
  - Select the "I Accept the agreement" at the license agreement, then click "Next"
  - Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
  - Click "Scan
  - When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
  - A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
  - Paste the contents of that log back here.

  0
• Viscera

  July 2006 edited July 2006

  Nothing hidden.

  0
• Trogan London, UK

  July 2006 edited July 2006

  Thats good! Can you answer this?

  Trogan_1000 wrote:

  ...Does AOL say where the file is located?...

  In regards to AOL finding Tokid.B.

  0
• Viscera

  July 2006 edited July 2006

  Trogan_1000 wrote:

  Thats good! Can you answer this?
  
  In regards to AOL finding Tokid.B.

  
  
  Sorry I missed that. No it does not. It just gives me the warnings above. Stupid now that I think about it.

  0
• Trogan London, UK

  July 2006 edited July 2006

  In that case, I wouldn't worry about the warning too much. All the major scans are coming up clean and like I said, its probably false positives.
  
  How is the computer?

  0
• Viscera

  July 2006 edited July 2006

  Runs well except for that damn warning popping up. I really appreciate you going through this for me.

  0
• Trogan London, UK

  July 2006 edited July 2006

  No problem. I would disable AOL's protection as there is no need for it really.
  
  Just make sure you keep your Anti-Virus and Firewall up-to-date, as they are the most important things. Keep Ewido updated too. Just run weekly scans.
  
  Is there anything else I can help with?

  0
• Viscera

  July 2006 edited July 2006

  Trogan_1000 wrote:

  No problem. I would disable AOL's protection as there is no need for it really.
  
  Just make sure you keep your Anti-Virus and Firewall up-to-date, as they are the most important things. Keep Ewido updated too. Just run weekly scans.
  
  Is there anything else I can help with?

  
  Nope, I thank you very much.

  0
• Trogan London, UK

  July 2006 edited July 2006

  Your welcome!
  
  I'm going to mark this resolved. If you want it open, let me know by PM.

  0