Help w/ Spyware/Trojans [RESOLVED]
I am asking for help from a very special kind of person, one with the patience of a saint, because my understanding when it comes to matters like this is very basic (see also: noob).
Tsk Tsk on me, I was trying to download a screensaver, and downloaded the wrong thing.
I'm not sure what info I'm supposed to provide.
I have an HP Pavilion a1430n
Running Windows XP Media Center Edition
So, the first odd thing that started happening was that a command box would open up, and say some weird kind of error as soon as I downloaded whatever it is I downloaded. Unfortunately, being a complete dolt, I did not write down what it was, and basically paid it no mind other than exing it out.
I went to bed, and when I woke up, there were 20 popups all over the place, when I usually don't get any. Yes, needless to say, I was pwned.
The first thing I noticed were 3 .exes on my desktop. One was named (I think) Texasaurus.exe. The other 2, I really can't remember. I know one was an alphanumeric .exe. Yes, I stupidly just deleted them. There are also new folders in my Programs folders: Batty2, CMFibula, Grisoft, Internet Optimizer, Network Monitor, PSDream & TheSearchAccelerator. I also had UCMore, but I (supposedly) took that off. I have Toolbar888 and Mirar Toolbar. Also, when these pop-ups come up, most of them have the address ad.firstadsolution.com
My boyfriend sent me AVG, and I ran that and removed whatever it found (about 50000 worms & 10 or so Trojans), but it's still doing the same thing with the pop-ups, and making my PC very sluggish.
I'll be thankful for whatever help you can give.

This discussion has been closed.
Comments
Click here to download HJTsetup.exe. Save it to your Desktop!
- Double click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Copy and paste the log here
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Logfile of HijackThis v1.99.1
Scan saved at 6:21:17 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Programs\Misc. Software\Daemon Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1157741954\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Programs\Misc. Software\Unlocker\UnlockerAssistant.exe
C:\Program Files\Programs\Music Tools\iTunes\iTunes Files\iTunesHelper.exe
C:\WINDOWS\ms06325854795.exe
C:\WINDOWS\avwfxplA.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\Duce6.exe
C:\PROGRA~1\COMPUT~1\avgcc.exe
C:\Program Files\Common Files\{32F3243D-07D4-1033-0209-061129050001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CMFibula\CMFibula.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\COMPUT~1\avgamsvr.exe
C:\PROGRA~1\COMPUT~1\avgupsvc.exe
C:\PROGRA~1\COMPUT~1\avgemc.exe
C:\WINDOWS\RWxhaW5lIERldWJsZQ\command.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\avwfxpl.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\waol.exe
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\shellmon.exe
C:\Program Files\Programs\Internet Tools\Browsers\FireFox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iitmt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,tebqeqa.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {B86DE24E-CBBC-4DE7-83D7-5E5EE1ABE30D} - C:\Program Files\Common Files\vilyz.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{32F3243D-07D4-1033-0209-061129050001}\MyToolBar.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{32F3243D-07D4-1033-0209-061129050001}\MyToolBar.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\Programs\Misc. Software\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157741954\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Programs\Misc. Software\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Programs\Music Tools\iTunes\iTunes Files\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ms06325854795] C:\WINDOWS\ms06325854795.exe
O4 - HKLM\..\Run: [rqhatj] C:\WINDOWS\system32\ryditl.exe reg_run
O4 - HKLM\..\Run: [avwfxplA] C:\WINDOWS\avwfxplA.exe
O4 - HKLM\..\Run: [qhtd56ff] RUNDLL32.EXE w391987e.dll,n 005d56fa00000003391987e
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinppes.exe GEN001
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e30.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e30.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e30.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\COMPUT~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kork] C:\PROGRA~1\COMMON~1\kork\korkm.exe
O4 - HKCU\..\Run: [nnobu] C:\WINDOWS\system32\ryditl.exe reg_run
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\AOL.EXE" -b
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwinppes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Programs\Internet Tools\IM & Chat Clients\A.I.M\A.I.M. Files\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146505740375
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/SCJohnson/Coupons.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.3.1429-3.0.0.7207/MILive.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - C:\Program Files\Batty2\Batty2.dll
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\dkscript.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\qov.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RWxhaW5lIERldWJsZQ\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Programs\Misc. Software\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\avwfxpl.exe
& Here is the additional list you asked for, Trogan
5 Card Slingo from HP Media Center (remove only)
Adensoft Audio/Data CD Burner 2.92
Adobe Photoshop CS
Adobe Reader 7.0.8
Agere Systems PCI-SV92PP Soft Modem
Alcohol 120%
Animation Shop 3
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Instant Messenger
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
Avanquest update
AVG Free Edition
Azureus
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
BitComet 0.66
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Blaze Media Pro
Boggle Supreme from HP Media Center (remove only)
BookWorm Deluxe 1.01
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
CEP - Color Enable Package
Chuzzle Deluxe from HP Media Center (remove only)
Command
Crystal Maze from HP Media Center (remove only)
Customer Experience Enhancement
DISCover
DVD Decrypter (Remove Only)
Easy Internet Sign-up
Family Feud
FATE from HP Media Center (remove only)
GdiplusUpgrade
GemMaster Mystic
Hardwood Spades
Hidden Expedition - Titanic (remove only)
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB915865)
Hoyle Board Games 2007
Hoyle Card Games 2007
Hoyle Card Games 4
Hoyle Casino 2006 (remove only)
Hoyle Puzzle Games 2007
Hoyle Word Games 3
HP Boot Optimizer
HP Deskjet 5400 series
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP DVD Play 1.0
HP Game Console and games
HP Imaging Device Functions 6.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Rhapsody
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Web Helper
Insaniquarium Deluxe from HP Media Center (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Kazaa Lite K++ v2.4.3
KC Softwares VideoInspector
K-Lite Mega Codec Pack 1.53
Last.fm 1.0.7
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LifeGlobe Goldfish Aquarium
LifeGlobe Sharks, Terrors of the Deep
LimeWire 4.12.6
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Mah Jong Quest from HP Media Center (remove only)
Meetro 0.96 beta
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Works
Motorola Phone Tools
Mozilla Firefox (1.5.0.7)
MPEG4 Direct Maker
MSXML 4.0 SP2 (KB925672)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Nero 7 Demo
Netscape Browser (remove only)
Network Monitor
NVIDIA Drivers
Otto
Paint Shop Pro 7 Try And Buy
Palace Uninstall
PC-Doctor 5 for Windows
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
ratDVD 0.78.1444
RealPlayer
Realtek High Definition Audio Driver
Related Page
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scientific-Atlanta WebSTAR 2000 series Cable Modem
SCRABBLE from HP Media Center (remove only)
Search Bar
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Semagic (remove only)
SereneScreen Marine Aquarium 2
SereneScreen Marine Aquarium Time 2
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Super Bounce Out!
Super Collapse! from GameHouse
Super Glinx! from GameHouse
Super Granny from HP Media Center (remove only)
Super TextTwist
TargetSaver
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
ToolBar888
Total Video Converter 2.52
Tradewinds from HP Media Center (remove only)
Unlocker 1.8.5
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Updates from HP (remove only)
Videora iPod Converter 0.91
Viewpoint Media Player
Water Balloon Fight
Web Nexus Network
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Overlay Components
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908250
WinRAR archiver
WinZip
WONplay
Yahoo! Messenger
Zuma Deluxe from HP Media Center (remove only)
Important: While we work to clean your computer, please do not use any P2P programs to download anything, except for what is asked.
Please do the following...
I don't see any indication of a Firewall in your HijackThis log. This may be because:
(1.) You are using Windows Firewall or a hardware Firewall.
(2.) You are using a Firewall of an unknown vendor.
(3.) You are using a Firewall, but it is disabled for unknown reasons.
(4.) You don't use any firewall at all.
In the case you don't have a Firewall, please download one from the list below - They are Free for personal use!
Zone Alarm << I recommend this
Sunbelt Kerio PF
Outpost Firewall
______________________________
Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:
Command
Search Bar
SereneScreen Marine Aquarium 2 <-- Is this what you tried to install? If so, remove it!
SereneScreen Marine Aquarium Time 2 <-- Is this what you tried to install? If so, remove it!
TargetSaver
ToolBar888
Windows Overlay Components
______________________________
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
______________________________
Please post the following:
1) ComboFix log
2) New Uninstall list
3) New HijackThis log
I removed everything except Windows Overlay Components, because when I click remove, a window pops up that says:
'Removing certain files queued for deletion may prevent other Windows components from operating. Do you wish to continue?'
When I press continue, a 'Shared Windows Service Alert' comes up and says 'You are about to remove a shared windows service. Do you wish to continue?'
I just wanted to make sure with you that it's okay that I remove it, even though it's giving me these messages.
Also, I removed 'Search Bar' from the list, but I'm not sure if it actually uninstalled. .5 seconds after I pressed remove on it, the name disappeared on the list, but there was no verification or progress bar. Is that normal? Thank you so much for your patience!!
Leave Windows Overlay Components for now and run ComboFix, as it will deal with it for us.
ComboFix 06.10.16 - Running from: "C:\Program Files\Computer Security\ComboFix"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{78BD9B24-C656-4EB6-B494-F25A5EB6DCB6}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{78BD9B24-C656-4EB6-B494-F25A5EB6DCB6}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{78BD9B24-C656-4EB6-B494-F25A5EB6DCB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{78BD9B24-C656-4EB6-B494-F25A5EB6DCB6}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkscript.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{B4718E69-34E1-413A-8FC9-EF9F52079788}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{B4718E69-34E1-413A-8FC9-EF9F52079788}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{B4718E69-34E1-413A-8FC9-EF9F52079788}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{B4718E69-34E1-413A-8FC9-EF9F52079788}\InprocServer32]
@="C:\\WINDOWS\\system32\\qov.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\dkscript.dll
C:\WINDOWS\system32\qov.dll
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
06-10-15 12:16 336 qtjpl.dll.qoo
06-10-15 09:34 53 wlpqel.dat.qoo
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\Duce6.exe
C:\WINDOWS\teller2.chk
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATSR6L61\dfndrff_e[1].exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\LJVND94A\deskbar_e[1].exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\K5QB0DQV\kybrdff_e[1].exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ADD6RUDG\nwnmff_e[1].exe
C:\WINDOWS\offun.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Deskbar
C:\Program Files\outlook
C:\Program Files\TheSearchAccelerator
C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\batty2
C:\Program Files\cmfibula
C:\Program Files\network monitor
C:\Program Files\Common Files\{32F3243D-07D4-1033-0209-061129050001}
((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))
2006-10-15 12:19 778,656 --a C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-15 12:19 4,992 --a C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-15 12:19 4,288 --a C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-15 12:19 27,904 --a C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-15 12:19 23,104 --a C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-15 11:50 45,090 --a C:\WINDOWS\system32\oodsregj.exe
2006-10-15 09:38 32,768 --a C:\WINDOWS\mwcmibyl.exe
2006-10-15 09:35 938 --a C:\WINDOWS\system32\winpfg32.sys
2006-10-15 09:35 45,056 --a C:\WINDOWS\cfg32s.dll
2006-10-15 09:35 45,056 --a C:\WINDOWS\avwfxpl.exe
2006-10-15 09:35 397,312 --a C:\WINDOWS\cfg32p.dll
2006-10-15 09:35 267,824 -r-hs---- C:\WINDOWS\avwfxplA.exe
2006-10-15 09:35 183,478 --a C:\WINDOWS\srvjsvdsrp.exe
2006-10-15 09:35 168,059 --a C:\WINDOWS\system32\lwinppes.exe
2006-10-15 09:35 110,592 --a C:\WINDOWS\cfg32o.dll
2006-10-15 09:35 102,400 --a C:\WINDOWS\cfg32r.dll
2006-10-15 09:35 1,259 --a C:\WINDOWS\system32\qhtd56ff.sys
2006-10-15 09:33 217,276 --a C:\WINDOWS\srvrdwxiqp.exe
2006-10-15 09:33 163,840 --a C:\WINDOWS\ms06325854795.exe
2006-10-10 00:30 4 --ah C:\WINDOWS\uccspecb.sys
2006-10-06 18:11 65,536 --a C:\WINDOWS\system32\Winwcd.dll
2006-09-18 16:44 262,240 --a C:\WINDOWS\system32\MILiveDownload3.dll
2006-09-15 17:21 53,248 --a C:\WINDOWS\uninst108.exe
2006-09-15 17:16 53,248 --a C:\WINDOWS\uni_e6h.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-15 20:06 d--h C:\Program Files\Common Files
2006-10-15 20:00 d C:\Program Files\Computer Security
2006-10-15 19:26 d C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2006-10-15 19:26 d C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2006-10-15 18:22 d C:\Program Files\Hijackthis
2006-10-15 13:21 d C:\Program Files\Internet Optimizer
2006-10-15 12:19 d C:\Program Files\Grisoft
2006-10-15 12:19 d C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2006-10-15 12:16 517 --a C:\Program Files\Common Files\vilyz
2006-10-15 12:16 d--h C:\Program Files\NetMeeting
2006-10-15 12:16 d C:\Program Files\Movie Maker
2006-10-15 09:35 d C:\Program Files\PSDream
2006-10-13 22:27 d C:\Program Files\MSXML 4.0
2006-10-07 23:53 d C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2006-10-01 12:48 d C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2006-10-01 05:29 d C:\Documents and Settings\HP_Administrator\Application Data\Jasc
2006-09-26 17:24 d C:\Documents and Settings\HP_Administrator\Application Data\AOL
2006-09-22 23:35 d C:\Program Files\AOL Toolbar
2006-09-22 23:35 d C:\Program Files\AOL Deskbar
2006-09-22 15:11 d--h C:\Program Files\InstallShield Installation Information
2006-09-22 15:11 d C:\Program Files\iPod
2006-09-20 06:39 d--h C:\Program Files\QuickTime
2006-09-20 06:37 d C:\Program Files\Apple Software Update
2006-09-13 11:53 10920 --ah C:\aolconnfix.exe
2006-09-13 01:01 1084416 --a C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a C:\WINDOWS\system32\msxml4.dll
2006-09-12 10:32 d C:\Program Files\Common Files\AOL
2006-09-12 10:32 d C:\Program Files\AOL
2006-09-08 15:00 d C:\Program Files\Common Files\aolshare
2006-09-08 15:00 d C:\Documents and Settings\HP_Administrator\Application Data\You've Got Pictures Screensaver
2006-09-08 14:59 d C:\Program Files\Common Files\AolCoach
2006-09-08 14:55 d C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2006-09-08 14:42 d--h C:\Program Files\Hewlett-Packard
2006-09-08 14:20 d--h C:\Program Files\Pure Networks
2006-09-06 19:00 d C:\Program Files\Driver Reinstallations
2006-09-06 02:17 d C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2006-09-04 15:08 223128 --a C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-04 15:05 643072 --a C:\WINDOWS\system32\drivers\sptd.sys
2006-09-02 18:59 d C:\Program Files\MSN Messenger
2006-08-28 04:03 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2006-08-25 11:45 617472 C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 02:00 d--h C:\Program Files\Sierra On-Line
2006-08-17 02:00 d C:\Program Files\Temporary
2006-08-17 02:00 d C:\Program Files\Programs
2006-08-17 02:00 d C:\Program Files\iTunes
2006-08-17 02:00 d C:\Program Files\Common Files\Sierra On-Line
2006-08-17 02:00 d C:\Documents and Settings\HP_Administrator\Application Data\CyberLink
2006-08-17 01:59 d C:\Program Files\Common Files\Symantec Shared
2006-08-17 01:57 d C:\Program Files\Internet Explorer
2006-08-16 07:58 100352 --a C:\WINDOWS\system32\6to4svc.dll
2006-08-16 05:37 225664 C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-07 11:17 61440 --a C:\WINDOWS\system32\BattyRun2.dll
2006-08-02 19:35 174 --a C:\WINDOWS\Palace.reg
2006-07-29 19:32 48936 --a C:\WINDOWS\system32\sirenacm.dll
2006-07-27 09:24 679424 --a C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""
"CMFibula"="\"C:\\Program Files\\CMFibula\\CMFibula.exe\""
"AOL Fast Start"="\"C:\\Program Files\\Programs\\Internet Tools\\IM & Chat Clients\\America Online 9.0\\America Online 9.0\\AOL.EXE\" -b"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"{32-24-43-3D-ZN}"="c:\\windows\\system32\\oodsregj.exe GEN001"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"avwfxplA"="C:\\WINDOWS\\avwfxplA.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\NetMeeting\\xusymokak.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Movie Maker\\viqok.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\COMPUT~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\COMPUT~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ARPWRMSG"
"hkey"="HKLM"
"command"="ARPWRMSG.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Programs\\Internet Tools\\IM & Chat Clients\\America Online 9.0\\AOL.EXE\" -b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Programs\\Misc. Software\\Daemon Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DISCover"
"hkey"="HKLM"
"command"="C:\\Program Files\\DISC\\DISCover.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DiscUpdateMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMAScheduler"
"hkey"="HKLM"
"command"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1146347094\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPwuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPBootOp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd08"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=dword:00000003
"navapsvc"=dword:00000002
"iPodService"=dword:00000003
"AOL TopSpeedMonitor"=dword:00000002
"AOL ACS"=dword:00000002
"Adobe LM Service"=dword:00000003
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-10-15 20:06:37.75
C:\ComboFix.txt ... 06-10-15 20:06
Logfile of HijackThis v1.99.1
Scan saved at 8:10:35 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\COMPUT~1\avgamsvr.exe
C:\PROGRA~1\COMPUT~1\avgupsvc.exe
C:\PROGRA~1\COMPUT~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\avwfxpl.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system32\oodsregj.exe
C:\WINDOWS\avwfxplA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PSDream\PSDream.exe
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\waol.exe
C:\PROGRA~1\Quicken\INTERN~1\IEXPLORE.EXE
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Programs\Internet Tools\Browsers\FireFox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {B86DE24E-CBBC-4DE7-83D7-5E5EE1ABE30D} - C:\Program Files\Common Files\vilyz.dll (file missing)
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [{32-24-43-3D-ZN}] C:\windows\system32\oodsregj.exe GEN001
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avwfxplA] C:\WINDOWS\avwfxplA.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinppes.exe GEN001
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\AOL.EXE" -b
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwinppes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Programs\Internet Tools\IM & Chat Clients\A.I.M\A.I.M. Files\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146505740375
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/SCJohnson/Coupons.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.3.1429-3.0.0.7207/MILive.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Programs\Misc. Software\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\avwfxpl.exe
UNINSTALL LIST
5 Card Slingo from HP Media Center (remove only)
Adensoft Audio/Data CD Burner 2.92
Adobe Photoshop CS
Adobe Reader 7.0.8
Agere Systems PCI-SV92PP Soft Modem
Animation Shop 3
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Instant Messenger
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
Avanquest update
AVG Free Edition
Azureus
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
BitComet 0.66
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Blaze Media Pro
Boggle Supreme from HP Media Center (remove only)
BookWorm Deluxe 1.01
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
CEP - Color Enable Package
Chuzzle Deluxe from HP Media Center (remove only)
Crystal Maze from HP Media Center (remove only)
Customer Experience Enhancement
DISCover
DVD Decrypter (Remove Only)
Easy Internet Sign-up
Family Feud
FATE from HP Media Center (remove only)
GdiplusUpgrade
GemMaster Mystic
Hardwood Spades
Hidden Expedition - Titanic (remove only)
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB915865)
Hoyle Board Games 2007
Hoyle Card Games 2007
Hoyle Card Games 4
Hoyle Casino 2006 (remove only)
Hoyle Puzzle Games 2007
Hoyle Word Games 3
HP Boot Optimizer
HP Deskjet 5400 series
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP DVD Play 1.0
HP Game Console and games
HP Imaging Device Functions 6.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Rhapsody
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Web Helper
Insaniquarium Deluxe from HP Media Center (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Kazaa Lite K++ v2.4.3
KC Softwares VideoInspector
K-Lite Mega Codec Pack 1.53
Last.fm 1.0.7
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LimeWire 4.12.6
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Mah Jong Quest from HP Media Center (remove only)
Meetro 0.96 beta
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Works
Motorola Phone Tools
Mozilla Firefox (1.5.0.7)
MPEG4 Direct Maker
MSXML 4.0 SP2 (KB925672)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Nero 7 Demo
Netscape Browser (remove only)
NVIDIA Drivers
Otto
Paint Shop Pro 7 Try And Buy
Palace Uninstall
PC-Doctor 5 for Windows
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
ratDVD 0.78.1444
RealPlayer
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scientific-Atlanta WebSTAR 2000 series Cable Modem
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Semagic (remove only)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Super Bounce Out!
Super Collapse! from GameHouse
Super Glinx! from GameHouse
Super Granny from HP Media Center (remove only)
Super TextTwist
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
Total Video Converter 2.52
Tradewinds from HP Media Center (remove only)
Unlocker 1.8.5
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Updates from HP (remove only)
Videora iPod Converter 0.91
Viewpoint Media Player
Water Balloon Fight
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Overlay Components
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908250
WinRAR archiver
WinZip
WONplay
Yahoo! Messenger
Zuma Deluxe from HP Media Center (remove only)
Thanks Trogan! Had an emergency come up.
I still don't see a Firewall. If you have one, let me know in your next post, otherwise please install one. It's very important!
________
You may want to print or save the following instructions as the internet will not be available once in Safe Mode!
First, please uninstall Windows Overlay Components. Allow it to continue when asked.
_____________________________________
Next, let's download some tools to use later.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Do not use it yet!
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido: AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
_____________________________________
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY... on&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: (no name) - {B86DE24E-CBBC-4DE7-83D7-5E5EE1ABE30D} - C:\Program Files\Common Files\vilyz.dll (file missing)
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [{32-24-43-3D-ZN}] C:\windows\system32\oodsregj.exe GEN001
O4 - HKLM\..\Run: [avwfxplA] C:\WINDOWS\avwfxplA.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinppes.exe GEN001
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwinppes.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...on/Coupons.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WON...herControl.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/ev...207/MILive.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager...etOpPlugin.ocx
O20 - AppInit_DLLs: BattyRun2.dll
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
_____________________________________
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
_____________________________________
We need to view hidden files and folders:
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
_____________________________________
Please find and Delete the following in BOLD, if present:
C:\Program Files\PSDream
C:\Program Files\CMFibula
C:\windows\system32\oodsregj.exe
C:\WINDOWS\system32\lwinppes.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\avwfxplA.exe
Do a search for BattyRun2.dll, and delete it if found.
_____________________________________
Locate ATF Cleaner.exe and open it.
Under Main select the following:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
_____________________________________
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)

- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
_____________________________________
Run another scan with ComboFix please.
_____________________________________
Please post the following:
1) New log from ComboFix
2) AVG Anti-Spyware report
3) New HijackThis log
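The fix list and the manual delete list in the instructions above can be cross-checked mechanically. The following is an added example, not part of the original post or of HijackThis itself: it parses a subset of the fix-list entries copied from the post, labels each with what its HijackThis section code covers, and reports which referenced files that still exist are not named in the manual delete list. The function names are hypothetical.

```python
import re
from collections import Counter

# HijackThis section codes used in the fix list and what each one covers.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O15": "site added to the IE Trusted Zone",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "AppInit_DLLs value",
}

# Entries copied from the fix list in the post (a subset, to keep this short).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [{32-24-43-3D-ZN}] C:\windows\system32\oodsregj.exe GEN001
O4 - HKLM\..\Run: [avwfxplA] C:\WINDOWS\avwfxplA.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwinppes.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O20 - AppInit_DLLs: BattyRun2.dll
"""

# Manual delete list copied from the post; the last item is searched for by name.
DELETE_LIST = [
    r"C:\Program Files\PSDream",
    r"C:\Program Files\CMFibula",
    r"C:\windows\system32\oodsregj.exe",
    r"C:\WINDOWS\system32\lwinppes.exe",
    r"C:\WINDOWS\system32\dwdsregt.exe",
    r"C:\WINDOWS\avwfxplA.exe",
    "BattyRun2.dll",
]

ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
# A drive-letter path ending in .exe or .dll; stops at a closing quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def parse_fix_list(text):
    """Turn HijackThis log lines into dicts: code, meaning, target file, missing flag."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank line or not a HijackThis entry
        code, body = m.groups()
        path = PATH_RE.search(body)
        if path:
            target = path.group(0)
        elif code == "O20":
            target = body.split(":", 1)[1].strip()  # bare DLL name, no directory
        else:
            target = None  # registry value or URL, no file on disk
        entries.append({
            "code": code,
            "meaning": SECTIONS.get(code, "unknown section"),
            "target": target,
            "missing": "(file missing)" in body or "(no file)" in body,
        })
    return entries


def section_counts(entries):
    """Number of entries per section code."""
    return Counter(e["code"] for e in entries)


def is_covered(target, delete_list):
    """True if target is a listed file, sits inside a listed folder, or matches a listed name."""
    t = target.lower()  # Windows paths are case-insensitive
    for item in delete_list:
        d = item.lower()
        if t == d or t.startswith(d + "\\"):
            return True
        if "\\" not in d and t.rsplit("\\", 1)[-1] == d:
            return True
    return False


def not_in_delete_list(entries, delete_list):
    """Files referenced by fixed entries that exist on disk and are not in the delete list."""
    left = {e["target"] for e in entries
            if e["target"] and not e["missing"]
            and not is_covered(e["target"], delete_list)}
    return sorted(left, key=str.lower)


if __name__ == "__main__":
    parsed = parse_fix_list(FIX_LIST)
    for code, n in sorted(section_counts(parsed).items()):
        print(f"{code:>3} x{n}  {SECTIONS[code]}")
    print("Referenced but not in the manual delete list:")
    for p in not_in_delete_list(parsed, DELETE_LIST):
        print("  ", p)
```

Fixing an entry in HijackThis removes the registry reference, not necessarily the file it points to, which is why the two lists are worth comparing.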
Whenever I launch IE, it opens with this toolbar that says simply 'Search' with a drop-down box. No matter how many times I right-click and uncheck it, IE always opens up with it. Could it be that 'Search Toolbar' I wasn't sure was removed properly?
Also, with 0 applications open, I get this audio that starts playing on my PC. Sounds almost like a Radio News station, or audio from news. I rebooted, and it comes back. Creeeepy!
I have to go read the rest of your post now, lol!
It's 2am here, and I'm off to bed. Skywalker, you can take over if Tiffany posts back.
[Image: http://i13.photobucket.com/albums/a265/wakeupinacoma/misc/HijackThisError.jpg]
I'm going to go on and finish the rest of the instructions.
HP_Administrator - 06-10-16 2:13:48.70 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Program Files\Computer Security\ComboFix"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\LocalService\Application Data\NetMon
((((((((((((((((((((((((((((((( Files Created from 2006-09-16 to 2006-10-16 ))))))))))))))))))))))))))))))))))
2006-10-15 21:19 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-15 12:19 778,656 --a C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-15 12:19 4,992 --a C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-15 12:19 4,288 --a C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-15 12:19 27,904 --a C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-15 12:19 23,104 --a C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-15 09:35 938 --a C:\WINDOWS\system32\winpfg32.sys
2006-10-15 09:35 183,478 --a C:\WINDOWS\srvjsvdsrp.exe
2006-10-15 09:35 1,259 --a C:\WINDOWS\system32\qhtd56ff.sys
2006-10-15 09:33 217,276 --a C:\WINDOWS\srvrdwxiqp.exe
2006-10-10 00:30 4 --ah C:\WINDOWS\uccspecb.sys
2006-09-18 16:44 262,240 --a C:\WINDOWS\system32\MILiveDownload3.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-15 21:35 d C:\Program Files\Hijackthis
2006-10-15 21:15 d C:\Program Files\Computer Security
2006-10-15 20:06 d--h C:\Program Files\Common Files
2006-10-15 19:26 d C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2006-10-15 19:26 d C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2006-10-15 12:19 d C:\Program Files\Grisoft
2006-10-15 12:19 d C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2006-10-15 12:16 517 --a C:\Program Files\Common Files\vilyz
2006-10-15 12:16 d--h C:\Program Files\NetMeeting
2006-10-15 12:16 d C:\Program Files\Movie Maker
2006-10-13 22:27 d C:\Program Files\MSXML 4.0
2006-10-07 23:53 d C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2006-10-01 12:48 d C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2006-10-01 05:29 d C:\Documents and Settings\HP_Administrator\Application Data\Jasc
2006-09-26 17:24 d C:\Documents and Settings\HP_Administrator\Application Data\AOL
2006-09-22 23:35 d C:\Program Files\AOL Toolbar
2006-09-22 23:35 d C:\Program Files\AOL Deskbar
2006-09-22 15:11 d--h C:\Program Files\InstallShield Installation Information
2006-09-22 15:11 d C:\Program Files\iPod
2006-09-20 06:39 d--h C:\Program Files\QuickTime
2006-09-20 06:37 d C:\Program Files\Apple Software Update
2006-09-15 17:16 53248 --a C:\WINDOWS\uni_e6h.exe
2006-09-13 11:53 10920 --ah C:\aolconnfix.exe
2006-09-13 01:01 1084416 --a C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a C:\WINDOWS\system32\msxml4.dll
2006-09-12 10:32 d C:\Program Files\Common Files\AOL
2006-09-12 10:32 d C:\Program Files\AOL
2006-09-08 15:00 d C:\Program Files\Common Files\aolshare
2006-09-08 15:00 d C:\Documents and Settings\HP_Administrator\Application Data\You've Got Pictures Screensaver
2006-09-08 14:59 d C:\Program Files\Common Files\AolCoach
2006-09-08 14:55 d C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2006-09-08 14:42 d--h C:\Program Files\Hewlett-Packard
2006-09-08 14:20 d--h C:\Program Files\Pure Networks
2006-09-06 19:00 d C:\Program Files\Driver Reinstallations
2006-09-06 02:17 d C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2006-09-04 15:08 223128 --a C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-04 15:05 643072 --a C:\WINDOWS\system32\drivers\sptd.sys
2006-09-02 18:59 d C:\Program Files\MSN Messenger
2006-08-28 04:03 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2006-08-25 11:45 617472 C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 02:00 d--h C:\Program Files\Sierra On-Line
2006-08-17 02:00 d C:\Program Files\Temporary
2006-08-17 02:00 d C:\Program Files\Programs
2006-08-17 02:00 d C:\Program Files\iTunes
2006-08-17 02:00 d C:\Program Files\Common Files\Sierra On-Line
2006-08-17 02:00 d C:\Documents and Settings\HP_Administrator\Application Data\CyberLink
2006-08-17 01:59 d C:\Program Files\Common Files\Symantec Shared
2006-08-17 01:57 d C:\Program Files\Internet Explorer
2006-08-16 07:58 100352 --a C:\WINDOWS\system32\6to4svc.dll
2006-08-16 05:37 225664 C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-02 19:35 174 --a C:\WINDOWS\Palace.reg
2006-07-29 19:32 48936 --a C:\WINDOWS\system32\sirenacm.dll
2006-07-27 09:24 679424 --a C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOL Fast Start"="\"C:\\Program Files\\Programs\\Internet Tools\\IM & Chat Clients\\America Online 9.0\\America Online 9.0\\AOL.EXE\" -b"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"avwfxplA"="C:\\WINDOWS\\avwfxplA.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\NetMeeting\\xusymokak.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Movie Maker\\viqok.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\COMPUT~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\COMPUT~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ARPWRMSG"
"hkey"="HKLM"
"command"="ARPWRMSG.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Programs\\Internet Tools\\IM & Chat Clients\\America Online 9.0\\AOL.EXE\" -b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Programs\\Misc. Software\\Daemon Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DISCover"
"hkey"="HKLM"
"command"="C:\\Program Files\\DISC\\DISCover.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DiscUpdateMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\DISC\\DiscUpdateMgr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMAScheduler"
"hkey"="HKLM"
"command"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1146347094\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPwuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPBootOp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd08"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=dword:00000003
"navapsvc"=dword:00000002
"iPodService"=dword:00000003
"AOL TopSpeedMonitor"=dword:00000002
"AOL ACS"=dword:00000002
"Adobe LM Service"=dword:00000003
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-10-16 2:15:09.98
C:\ComboFix.txt ... 06-10-16 02:15
C:\ComboFix2.txt ... 06-10-15 20:06
AVG Anti-Spyware - Scan Report
+ Created at: 2:08:28 AM 10/16/2006
+ Scan result:
HKU\S-1-5-21-963546380-2644281483-2833476387-1008\Software\_rtneg -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20061015-214502-124.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20061015-214502-685.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20061015-214502-926.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031271.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031272.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031604.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031605.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32p.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32s.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\mwcmibyl.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031501.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031502.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031503.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031634.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031224.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031225.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20061015-214502-571.dll -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031608.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject.1 -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Adware.FizzleBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Adware.FizzleBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP17\A0009352.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP38\A0015814.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-963546380-2644281483-2833476387-1008\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-963546380-2644281483-2833476387-1008\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-963546380-2644281483-2833476387-1008\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20061015-214502-151.dll -> Adware.IWon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031033.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031039.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031507.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031508.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\Cache\A137BBFBd01/WinATS.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20061015-214502-167.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031270.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031497.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031607.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031242.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031249.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031505.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031506.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031243.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031038.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031038.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031038.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031051.dll -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031052.dll -> Adware.Ucmore : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031037.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031277.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031636.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031637.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031104.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031113.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031115.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031098.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031102.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031110.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031027.exe -> Downloader.Dyfuca.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031009.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031095.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031100.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031106.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031114.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031116.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031117.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0030085.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031034.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031035.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031099.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031029.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031109.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031107.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031101.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031026.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031108.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031638.exe -> Downloader.VB.ang : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031008.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\WINDOWS\ms06325854795.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\WINDOWS\avwfxpl.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031105.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031161.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\Movie Maker\viqok.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\NetMeeting\xusymokak.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP18\A0010138.exe -> Hijacker.Small.lr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP38\A0015801.exe -> Hijacker.Small.lr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP107\A0031504.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.284:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.285:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.648:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.649:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.650:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.651:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.652:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.653:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.654:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.655:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.385:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.386:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.387:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.388:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.389:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.390:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.391:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.392:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.393:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.394:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.731:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.732:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.465:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.466:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.760:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Spinbox : Cleaned.
:mozilla.100:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.106:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.110:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.112:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.114:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.115:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.116:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.119:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.122:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.123:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.124:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.125:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.126:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.127:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.128:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.129:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.130:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.131:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.132:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.133:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.134:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.135:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.136:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.137:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.139:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.140:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.141:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.142:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.143:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.144:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.96:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.440:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.443:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.444:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.446:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.647:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.274:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.249:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.250:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.251:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.252:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.253:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.254:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.255:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.256:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.14:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.20:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.22:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.23:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.450:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.451:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.452:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.453:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.454:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.455:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.840:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.224:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.225:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.226:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.227:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.228:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.229:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.206:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.207:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.213:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8nibz3d7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031112.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\WINDOWS\uninst108.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Administrator\Complete\Darik's Boot and Nuke SE.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0030058.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0030070.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP106\A0031103.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 2:17:17 AM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\waol.exe
C:\PROGRA~1\COMPUT~1\avgamsvr.exe
C:\PROGRA~1\COMPUT~1\avgupsvc.exe
C:\PROGRA~1\COMPUT~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Programs\Internet Tools\Browsers\FireFox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avwfxplA] C:\WINDOWS\avwfxplA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Programs\Internet Tools\IM & Chat Clients\A.I.M\A.I.M. Files\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146505740375
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Computer Security\AVG Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Programs\Misc. Software\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\avwfxpl.exe (file missing)
- Please go to Jotti's malware scan
- Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
- C:\WINDOWS\system32\winpfg32.sys
- Click on the submit button
- Please post the results in your next reply.
Please do the same for these files:
C:\WINDOWS\uccspecb.sys
C:\WINDOWS\system32\MILiveDownload3.dll
______________
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop. Double click FixServices.bat. A window will open and close. This is normal.
______________
Please post a new HijackThis log, plus the results from Jotti.
Scan saved at 4:03:13 AM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\COMPUT~1\avgamsvr.exe
C:\PROGRA~1\COMPUT~1\avgupsvc.exe
C:\PROGRA~1\COMPUT~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Programs\Music Tools\Last.fm\Last.fm\LastFM.exe
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\waol.exe
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avwfxplA] C:\WINDOWS\avwfxplA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Programs\Internet Tools\IM & Chat Clients\A.I.M\A.I.M. Files\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146505740375
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Computer Security\AVG Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Programs\Misc. Software\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
File: winpfg32.sys
Status: OK
MD5 b539a001f1449eb45bbb1f4f6b055320
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing
uccspecb.sys JOTTI SCAN
File: uccspecb.sys
Status: OK
MD5 2ed80575bdd4bb63c98ea039f51fd1ea
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing
MILiveDownload3.dll JOTTI SCAN
File: MILiveDownload3.dll
Status: OK
MD5 5355cbfb01a5a8c8efb9abadb439198b
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Please do the following...
Please download Killbox and save it to your desktop. Do not do anything with it yet!
______________________________
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O4 - HKLM\..\Run: [avwfxplA] C:\WINDOWS\avwfxplA.exe
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
______________________________
Copy everything in the Quote box below by pressing Ctrl+C. Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select All Files
Now click on the Red Circle with the White X
Press Yes to reboot your computer.
Once your computer has rebooted, please do an online scan with Panda ActiveScan
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log
Scan saved at 2:12:16 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\COMPUT~1\avgamsvr.exe
C:\PROGRA~1\COMPUT~1\avgupsvc.exe
C:\PROGRA~1\COMPUT~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Programs\Internet Tools\Browsers\FireFox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\Programs\Internet Tools\IM & Chat Clients\America Online 9.0\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Programs\Internet Tools\LiveJournal\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Programs\Internet Tools\IM & Chat Clients\A.I.M\A.I.M. Files\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146505740375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Computer Security\AVG Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\COMPUT~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Programs\Misc. Software\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Spyware:Spyware/7r7t Not disinfected C:\!KillBox\srvjsvdsrp.exe
Adware:Adware/DigInk Not disinfected C:\!KillBox\srvrdwxiqp.exe
Adware:Adware/DigInk Not disinfected C:\!KillBox\uni_e6h.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard1.dat
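One way to confirm that the "Fix Checked" step took effect is to diff the HijackThis log posted before the fix against the one posted after it. The script below is an added example, not part of any post in this thread; the two sample logs are short excerpts of the logs above, and the function names and the choice of autostart sections (O4, O20, O23) are assumptions made for the example.

```python
import re

# HijackThis entry lines start with a section code such as R0, O4 or O23,
# followed by " - " and the entry body. Header lines and the running-process
# list do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")

# Sections that start code automatically: Run keys and startup folders (O4),
# Winlogon notify packages (O20), services (O23). Subset chosen for this example.
AUTOSTART_CODES = {"O4", "O20", "O23"}

# Excerpt of the log posted before the fix (lines copied from the thread).
BEFORE = r"""
C:\Program Files\Hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avwfxplA] C:\WINDOWS\avwfxplA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the log posted after the fix and the Panda scan.
AFTER = r"""
Scan saved at 2:12:16 PM, on 10/16/2006
C:\Program Files\Hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_entries(log_text):
    """Return the set of (section code, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def diff_logs(before_text, after_text):
    """Entries that disappeared and entries that appeared between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {"removed": sorted(before - after), "added": sorted(after - before)}


def fix_took_effect(before_text, after_text, fixed_line):
    """True when fixed_line was in the first log and is absent from the second."""
    match = ENTRY_RE.match(fixed_line.strip())
    if not match:
        raise ValueError("not a HijackThis entry line: %r" % fixed_line)
    entry = (match.group("code"), match.group("body"))
    return entry in parse_entries(before_text) and entry not in parse_entries(after_text)


def new_autostarts(before_text, after_text):
    """Autostart entries present only in the second log; these deserve a look."""
    added = diff_logs(before_text, after_text)["added"]
    return [entry for entry in added if entry[0] in AUTOSTART_CODES]


if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for code, body in changes["removed"]:
        print("removed:", code, "-", body)
    for code, body in changes["added"]:
        print("added:  ", code, "-", body)
    print("new autostart entries:", new_autostarts(BEFORE, AFTER))
```

On these excerpts the only removed entry is the fixed Run key and the only added entry is the ActiveX control installed for the online scan, so nothing new starts automatically.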
Copy everything in the Quote box below by pressing Ctrl+C. Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select Single File
Now click on the Red Circle with the White X
Press NO to reboot your computer later.
___________________________
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement."
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove Programs and remove the following...
- J2SE Runtime Environment 5.0 Update 5
- J2SE Runtime Environment 5.0 Update 6
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
___________________________
Let me know how things are now.
My computer is MUCH better, thanks to you.
Every now and then, I still get a popup out of nowhere, but it's pretty good.
What should I do about the quarantined items from AVG Anti-Spyware? Just leave them there?
- Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
- Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.
- Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
You can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore
or
Windows XP System Restore Guide
Re-enable system restore with instructions from tutorial above
Next,
This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:
Step 1: Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.
This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.
Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Here are some additional utilities that will enhance your safety
- IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
- Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Hide System Files
Using Winpatrol to protect your computer from malicious software