Project1 virus.. plz help! [inactive]
Hi everyone,
I have contracted the project1 virus and having just browsed the internet I have noticed it is quite common. I am not too whizz-bang with computers so I have had difficulty understanding how to get rid of it. I have downloaded avast virus scanner and it cleared out most of the bugs but I was left with project1. Other people have posted a hjt (or something) but I don't know what it is or what that tells me, but if someone can help me get rid of it I would greatly appreciate it.
Thanks, Chilli.
This discussion has been closed.
Comments
Scan saved at 9:12:34 PM, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\kybrdff_e34.exe
C:\nwnmff_e34.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Common Files\{B8B7932C-0257-1033-0909-04020320003d}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Laura Davies\Desktop\hijack this.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Laura Davies\Desktop\in.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e34.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e34.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e34.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\h4l20e3oeh.dll (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\ir8ml5l11.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks again in advance, Chilli
- Close all windows before continuing.
- Double-click Look2Me-Destroyer.exe to run it.
- Put a check next to Run this program as a task.
- You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
- When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
- Once it's done scanning, click the Remove L2M button.
- You will receive a Done Scanning message, click OK.
- When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
- Your computer will then shutdown.
- Turn your computer back on.
- Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again. If you receive a message from your firewall about this program accessing the internet, please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Thanks again.
L2m:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 24/10/2006 8:36:03 PM
Infected! C:\WINDOWS\system32\h4l20e3oeh.dll
Infected! C:\WINDOWS\system32\p66slgj716o.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059807.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059809.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059856.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059876.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059889.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0059909.dll
Infected! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0060916.dll
Infected! C:\WINDOWS\SYSTEM32\hrns0557e.dll
Infected! C:\WINDOWS\SYSTEM32\lv4409hqe.dll
Infected! C:\WINDOWS\SYSTEM32\p66slgj716o.dll
Infected! C:\WINDOWS\SYSTEM32\wspns.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\p66slgj716o.dll
C:\WINDOWS\system32\p66slgj716o.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059807.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059807.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059809.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059809.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059856.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059856.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059876.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059876.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059889.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059889.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0059909.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0059909.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0060916.dll
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0060916.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\hrns0557e.dll
C:\WINDOWS\SYSTEM32\hrns0557e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\lv4409hqe.dll
C:\WINDOWS\SYSTEM32\lv4409hqe.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\p66slgj716o.dll
C:\WINDOWS\SYSTEM32\p66slgj716o.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\wspns.dll
C:\WINDOWS\SYSTEM32\wspns.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{60BB63D7-D799-4E46-B092-C48351E58053}"
HKCR\Clsid\{60BB63D7-D799-4E46-B092-C48351E58053}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A6FA8263-61E7-45C3-A618-95BC3ABE82E3}"
HKCR\Clsid\{A6FA8263-61E7-45C3-A618-95BC3ABE82E3}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D08865D1-3270-4039-92A2-78C2AA43D191}"
HKCR\Clsid\{D08865D1-3270-4039-92A2-78C2AA43D191}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 8:44:45 PM, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\dfndrff_e35.exe
C:\kybrdff_e35.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\nwnmff_e35.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Common Files\{B8B7932C-0576-1033-0909-04020320003d}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Laura Davies\Desktop\hijack this.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Laura Davies\Desktop\in.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e35.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e35.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e35.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Double click the installer, select your language, and then select OK
Click NEXT>>Do or don't read the "User License Agreement"
Select I Agree>>>NEXT>>>INSTALL
AVG will now install and afterwards click FINISH
AVG Anti-Spyware 7.5 should now Load
Click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful"), close AVG Anti-Spyware 7.5. Do not run it yet.
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears.
Sign in with your normal user account
Once in Safe Mode, run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and uncheck "Only if Threats are found"
Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Please post that report back here along with a new HJT log.
AVG Anti-Spyware - Scan Report
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059812.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\TGF1cmEgRGF2aWVz\trz2B.tmp -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura Davies\Local Settings\Temporary Internet Files\Content.IE5\CMKRA86V\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059808.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059810.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059862.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059897.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0060920.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0060921.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0060922.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\NOMARTA.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\WV2HELP.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\PrintView\printhook030.dll -> Adware.PrintView : Cleaned with backup (quarantined).
C:\Program Files\PrintView\pvmodule.exe -> Adware.PrintView : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{38B7932C-0257-1033-0909-04020320003d}\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B8B7932C-0257-1033-0909-04020320003d}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B8B7932C-0257-1033-0909-04020320003d}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B8B7932C-0576-1033-0909-04020320003d}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B8B7932C-0576-1033-0909-04020320003d}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\Cache -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\about.html -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\basis.xml -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.crc -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.inf -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\icons.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbback.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbbigopen.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbclose.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbfwd.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mblogo.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\mbsep.bmp -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\options.html -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\softomate.gif -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\version.txt -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP311\A0054230.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP311\A0054232.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP311\A0055281.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0055406.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059763.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059833.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059885.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0059901.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0059923.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0060972.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0060973.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\deskbar.exe -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBTB00001.DBTB00001Deskbar -> Adware.Softomate : Cleaned with backup (quarantined).
HKU\S-1-5-21-3544459251-3490377168-3448054938-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
[764] C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Companion Wizard\compwiz.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055703.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055704.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055705.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055706.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055707.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055708.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055709.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055710.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055711.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055712.ini -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055713.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055714.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055715.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055717.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055718.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055719.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055720.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055722.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055723.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055724.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055725.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055726.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055727.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055728.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055732.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055733.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055760.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-3544459251-3490377168-3448054938-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-3544459251-3490377168-3448054938-1008\Software\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-3544459251-3490377168-3448054938-1008\Software\WinAntiVirus Pro 2006\Settings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059806.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura Davies\drsmartload1135a.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP311\A0054215.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\mc44a3.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\mc44a34.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\kybrdff_e33.exe -> Downloader.Adload.gw : Cleaned with backup (quarantined).
C:\dfndrff_e34.exe -> Downloader.Adload.ha : Cleaned with backup (quarantined).
C:\nwnmff_e34.exe -> Downloader.Adload.hb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP320\A0059811.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\trz29.tmp -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura Davies\in.exe -> Dropper.PurityScan.ah : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP311\A0054217.exe -> Dropper.PurityScan.ah : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0055774.exe -> Dropper.PurityScan.ah : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura Davies\Local Settings\Temporary Internet Files\Content.IE5\07N9Y53P\installdrivecleanerstart[1].cab/UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura Davies\Local Settings\Temporary Internet Files\Content.IE5\CMKRA86V\SystemDoctor2006FreeInstall[1].cab/USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\Program Files\Network Monitor\trzB.tmp -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@data1.perf.overture[2].txt[/email] -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@data2.perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@data3.perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Laura Davies\Local Settings\Temp\Cookies\laura [email]davies@perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@ads.planetactive[1].txt[/email] -> TrackingCookie.Planetactive : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@ads.pointroll[1].txt[/email] -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@pro-market[1].txt[/email] -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@qksrv[1].txt[/email] -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@questionmarket[1].txt[/email] -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@project2.realtracker[1].txt[/email] -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@web4.realtracker[1].txt[/email] -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@stats1.reliablestats[2].txt[/email] -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Laura Davies\Local Settings\Temp\Cookies\laura [email]davies@stats1.reliablestats[2].txt[/email] -> TrackingCookie.Reliablestats : Cleaned.
C:\WINDOWS\Temp\Cookies\laura [email]davies@stats1.reliablestats[2].txt[/email] -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@revenue[2].txt[/email] -> TrackingCookie.Revenue : Cleaned.
C:\WINDOWS\Temp\Cookies\laura [email]davies@revenue[2].txt[/email] -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@edge.ru4[1].txt[/email] -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@bs.serving-sys[1].txt[/email] -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@serving-sys[2].txt[/email] -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Laura Davies\Local Settings\Temp\Cookies\laura [email]davies@serving-sys[1].txt[/email] -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@cs.sexcounter[2].txt[/email] -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@sexlist[1].txt[/email] -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter1.sextracker[2].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter10.sextracker[2].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter12.sextracker[1].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter14.sextracker[2].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter15.sextracker[1].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter3.sextracker[1].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter5.sextracker[1].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter6.sextracker[1].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter7.sextracker[1].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@counter8.sextracker[1].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@sextracker[2].txt[/email] -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@h.starware[1].txt[/email] -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@statcounter[1].txt[/email] -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@anad.tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@anat.tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@targetnet[2].txt[/email] -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@tradedoubler[1].txt[/email] -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@trafficmp[2].txt[/email] -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@tribalfusion[2].txt[/email] -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Laura Davies\Local Settings\Temp\Cookies\laura [email]davies@tribalfusion[1].txt[/email] -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@valueclick[1].txt[/email] -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@server3.web-stat[2].txt[/email] -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@web-stat[2].txt[/email] -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@webstat[1].txt[/email] -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@weborama[2].txt[/email] -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@statse.webtrendslive[2].txt[/email] -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@xxxcounter[2].txt[/email] -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@yadro[1].txt[/email] -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@ad.yieldmanager[2].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Laura Davies\Local Settings\Temp\Cookies\laura [email]davies@ad.yieldmanager[1].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@c4.zedo[1].txt[/email] -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Laura Davies\Cookies\laura [email]davies@zedo[1].txt[/email] -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Laura Davies\Local Settings\Temp\Cookies\laura [email]davies@zedo[2].txt[/email] -> TrackingCookie.Zedo : Cleaned.
C:\dfndrff_e33.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\nwnmff_e33.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
::Report end
Scan saved at 6:34:54 PM, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\dfndrff_e36.exe
C:\kybrdff_e36.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\nwnmff_e36.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Laura Davies\Desktop\hijack this.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Laura Davies\Desktop\in.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e36.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e36.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e36.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks, Chilli.
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Did I do something wrong?
Download smitRem.exe and save the file to your desktop.
Double-click on the file to extract it to its own folder on the desktop.
Next, please reboot your computer in Safe Mode by doing the following:
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.
Restart your computer in normal mode.
Please post a new HijackThis log as well as the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Thanks again for your help.
Logfile of HijackThis v1.99.1
Scan saved at 11:10:39 AM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\kybrdff_e54.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\nwnmff_e54.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\dfndrff_e54.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\windows_e54.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Documents and Settings\Laura Davies\Desktop\hijack this.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Laura Davies\Desktop\in.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e54.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e54.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e54.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [windows] C:\\windows_e54.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?a076a782b8f248ff82cf4769fa1418ae
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?a076a782b8f248ff82cf4769fa1418ae
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks.
smitRem © log file
version 3.2
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Tue 31/10/2006
The current time is: 14:06:49.70
Running from
C:\Documents and Settings\Laura Davies\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appinitdll check ........ Thank you Grinler!
dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4
[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XP Firewall allowed access
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key present!
Running drsmartload2 fix!
drsmartload2 key was successfully removed!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
amcompat.tlb
atmtd.dll
atmtd.dll._
nscompat.tlb
logfiles
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 768 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Scan saved at 5:39:23 PM, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\alg.exe
C:\kybrdff_e66.exe
C:\nwnmff_e57.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\dfndrff_e66.exe
C:\windows_e58.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Laura Davies\Desktop\hijack this.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yourstartingpage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Laura Davies\Desktop\in.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e66.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e57.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e66.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [windows] C:\\windows_e58.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?a076a782b8f248ff82cf4769fa1418ae
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?a076a782b8f248ff82cf4769fa1418ae
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks.
Infections can change and fresh instructions will now need to be given. This topic is now closed; if you still require assistance, then please start a new topic in the Spyware & Virus Removal Forum.
If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new thread instead.