[Solved] dr watson debugger crash and....
Hello there, I'm new to this forum and nice to meet you guys. People here are very friendly, I like it. I've read some posts about this problem but my problem seems a little different. I would really appreciate it if someone would/could help me. I'll write a long description about my problem and post other relevant information. I've followed the instructions in the 'read here first' thread.
My computer status: Windows XP Pro SP2 with 2 user accounts, I added one more after experiencing this problem. I have my reason for doing that. Please read on.
Problem description:
1. My computer was running fine. Then I installed something (I forgot what it was, my memory isn't that good, sorry) that required a reboot. So I rebooted the computer.
2. When it started up (I was using my primary account), the start bar wouldn't load, actually nothing loaded, just my firewall and desktop background.
3. I waited a while since the CPU process light was flickering. But then nothing but an error box loaded. It has the title "dr watson debugger crash", roughly. Then it had a send report or don't send option. I viewed the report, haha, it was just plain gibberish for me...
4. I switched users by using the windows+L key, the mouse was completely useless. Then I logged in to another user and it worked fine.
5. Eventually I rebooted the computer again. The problem recurred with my primary user account.
6. Then I created a new account to see if the problem happens there. Nothing happened.
7. Soon (after several times of logging in and out), the problem happened in the newest account. I was very afraid, I started backing up everything...well, almost.
8. The only "safe" account was the second one. But that didn't last very long.
9. The thing is if the problem happens in user account #1, it may happen to #2 OR #3, not both. However, it happens most in my primary user account.
What I did:
1) Scanned my computer with CA Antivirus, Spybot S&D, Ad-Aware. All have updated definition files. The result was: Clean.
2) I did a search and stumbled onto this friendly and helpful community. I read the "read here first" post and did everything.
3) Panda's scan showed that I have a few suspicious files.
4) Kaspersky showed a few infections too.
5) BitDefender scan came out all clean.
6) I downloaded HijackThis! and did a scan and saved a log file.
I'll post everything I've gathered below. The HJT log and the online scan results. Thanks for reading.
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:08:47 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caav.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Emergency Use\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Ìí¼Óµ½ÑÅ»¢ÊÕ²Ø+ - http://myweb.cn.yahoo.com/post.html?F=D2_A
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{802B2252-4D91-416B-B027-87A377A58175}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Panda ActiveScan results:
Incident Status Location
Adware:adware/alexa-toolbar Not disinfected Windows Registry
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt[.zedo.com/]
Adware:Adware/Alexa-Toolbar Not disinfected C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[pec2rsrc_polish.dll]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PETrim.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[peclassify.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEHideText.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEInsert.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEChksum.exe]
Kaspersky scan results:
KASPERSKY ONLINE SCANNER REPORT
Friday, October 27, 2006 2:10:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/10/2006
Kaspersky Anti-Virus database records: 235341
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 57172
Number of viruses found: 4
Number of infected objects: 23 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:07:22
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe/stream Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe NSIS: infected - 3 skipped
C:\Documents and Settings\Depriving Life\My Documents\Software\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Depriving Life\My Documents\Software\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Depriving Life\My Documents\Software\mirc62.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Depriving Life\My Documents\Usefuls\videoaudio\freeripmp3.exe/Stream/data0037 Infected: not-a-virus:AdWare.Win32.MyWebSearch.ak skipped
C:\Documents and Settings\Depriving Life\My Documents\Usefuls\videoaudio\freeripmp3.exe/Stream Infected: not-a-virus:AdWare.Win32.MyWebSearch.ak skipped
C:\Documents and Settings\Depriving Life\My Documents\Usefuls\videoaudio\freeripmp3.exe Inno: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shakespeare\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\History\History.IE5\MSHist012006102720061028\index.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\Perflib_Perfdata_b4c.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\~DF1988.tmp Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\~DF336B.tmp Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\~DF858D.tmp Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\~DFD616.tmp Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\My Documents\My Received Files\[aarinfantasy] Haru wo Daiteita OVA1.avi Object is locked skipped
C:\Documents and Settings\Shakespeare\ntuser.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\NTUSER.DAT.LOG Object is locked skipped
C:\MySQL Datafiles\ibdata1 Object is locked skipped
C:\Program Files\Apache Group\Apache2\logs\access.log Object is locked skipped
C:\Program Files\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{BAFA84F8-5A33-4ACD-AD10-58356B27A0F1}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\thirdreich.err Object is locked skipped
C:\RECYCLER\S-1-5-21-1645522239-2052111302-682003330-1006\Dc313.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-1645522239-2052111302-682003330-1006\Dc314.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-1645522239-2052111302-682003330-1006\Dc317\Upload\inc\captcha_fonts\edmunds.ttf Object is locked skipped
C:\RECYCLER\S-1-5-21-1645522239-2052111302-682003330-1006\Dc317\Upload\inc\captcha_fonts\MINYN___.ttf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046456.exe/Stream/data0037 Infected: not-a-virus:AdWare.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046456.exe/Stream Infected: not-a-virus:AdWare.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046456.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046487.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046487.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046487.exe/stream Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046487.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046509.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046509.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046509.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\A0046722.exe/stream Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\A0046722.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\A0046723.dll Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\THIRDREICH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9005.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ib2 Object is locked skipped
C:\WINDOWS\Temp\ib3 Object is locked skipped
C:\WINDOWS\Temp\ib4 Object is locked skipped
C:\WINDOWS\Temp\ib5 Object is locked skipped
C:\WINDOWS\Temp\ib6 Object is locked skipped
C:\WINDOWS\Temp\ZLT0723c.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0723f.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\change.log Object is locked skipped
Scan process completed.
I will upload the online scan results as an attachment just in case. It's hard to read here.
Thanks for your time!
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{802B2252-4D91-416B-B027-87A377A58175}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Panda ActiveScan results:
Incident Status Location
Adware:adware/alexa-toolbar Not disinfected Windows Registry
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt[.zedo.com/]
Adware:Adware/Alexa-Toolbar Not disinfected C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[pec2rsrc_polish.dll]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PETrim.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[peclassify.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEHideText.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEInsert.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEChksum.exe]
Kaspersky scan results:
KASPERSKY ONLINE SCANNER REPORT
Friday, October 27, 2006 2:10:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/10/2006
Kaspersky Anti-Virus database records: 235341
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 57172
Number of viruses found: 4
Number of infected objects: 23 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:07:22
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe/stream Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe NSIS: infected - 3 skipped
C:\Documents and Settings\Depriving Life\My Documents\Software\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Depriving Life\My Documents\Software\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Depriving Life\My Documents\Software\mirc62.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Depriving Life\My Documents\Usefuls\videoaudio\freeripmp3.exe/Stream/data0037 Infected: not-a-virus:AdWare.Win32.MyWebSearch.ak skipped
C:\Documents and Settings\Depriving Life\My Documents\Usefuls\videoaudio\freeripmp3.exe/Stream Infected: not-a-virus:AdWare.Win32.MyWebSearch.ak skipped
C:\Documents and Settings\Depriving Life\My Documents\Usefuls\videoaudio\freeripmp3.exe Inno: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shakespeare\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\History\History.IE5\MSHist012006102720061028\index.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\Perflib_Perfdata_b4c.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\~DF1988.tmp Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\~DF336B.tmp Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\~DF858D.tmp Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temp\~DFD616.tmp Object is locked skipped
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\My Documents\My Received Files\[aarinfantasy] Haru wo Daiteita OVA1.avi Object is locked skipped
C:\Documents and Settings\Shakespeare\ntuser.dat Object is locked skipped
C:\Documents and Settings\Shakespeare\NTUSER.DAT.LOG Object is locked skipped
C:\MySQL Datafiles\ibdata1 Object is locked skipped
C:\Program Files\Apache Group\Apache2\logs\access.log Object is locked skipped
C:\Program Files\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{BAFA84F8-5A33-4ACD-AD10-58356B27A0F1}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\thirdreich.err Object is locked skipped
C:\RECYCLER\S-1-5-21-1645522239-2052111302-682003330-1006\Dc313.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-1645522239-2052111302-682003330-1006\Dc314.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-1645522239-2052111302-682003330-1006\Dc317\Upload\inc\captcha_fonts\edmunds.ttf Object is locked skipped
C:\RECYCLER\S-1-5-21-1645522239-2052111302-682003330-1006\Dc317\Upload\inc\captcha_fonts\MINYN___.ttf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046456.exe/Stream/data0037 Infected: not-a-virus:AdWare.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046456.exe/Stream Infected: not-a-virus:AdWare.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046456.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046487.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046487.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046487.exe/stream Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046487.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046509.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046509.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP257\A0046509.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\A0046722.exe/stream Infected: not-a-virus:AdWare.Win32.AlexaBar.b skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\A0046722.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\A0046723.dll Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\THIRDREICH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9005.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ib2 Object is locked skipped
C:\WINDOWS\Temp\ib3 Object is locked skipped
C:\WINDOWS\Temp\ib4 Object is locked skipped
C:\WINDOWS\Temp\ib5 Object is locked skipped
C:\WINDOWS\Temp\ib6 Object is locked skipped
C:\WINDOWS\Temp\ZLT0723c.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0723f.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{B7DC1250-2B2E-42B6-BEB3-F7BB06D613EB}\RP259\change.log Object is locked skipped
Scan process completed.
I will upload the online scan results as an attachment just in case. It's hard to read here.
Thanks for your time!
Comments
Your problem may or may not be malware related, but we can check by doing some other scans. For now, please do the following...
- Please go to Jotti's malware scan
- Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
- C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe
- Click on the submit button
- Please post the results in your next reply.
Do the same for the following: C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe
Also, I would like to see another log from HijackThis.
Post the scan results, and the Uninstall list.
Scan results for C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe:
File: pec2setup.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 a5b6427f77e77528d24177b2a3d6a063
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Scan results for C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe:
File: AlexaInstaller.exe
Status: INFECTED/MALWARE
MD5 483e6e4f5abca63f199f1a81a39a7528
Packers detected: -
Scanner results
AntiVir Found Adware-Spyware/Alexa.A adware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic2.EWV
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Adware/AlexaBar
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.AlexaBar.a, not-a-virus:AdWare.Win32.AlexaBar.b
NOD32 Found Win32/Adware.Alexa application
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.Win32.AlexaBar.b
The Uninstall List:
A.F.7 Merge your files 1.3
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Apache HTTP Server 2.0.55
Apple Software Update
ATnotes Version 9.5
Audacity 1.2.4
AutoHotkey 1.0.44.08
Avant Browser (remove only)
Badongo
Belarc Advisor 7.2
BitLord 1.1
CA Anti-Virus
Cambridge Advanced Learner's Dictionary
Combined Community Codec Pack 2006-07-28 (Remove Only)
dBpowerAMP AAC Codec
dBpowerAMP Mp4 & AAC Decode Codec
dBpowerAMP Music Converter
Direct Show Ogg Vorbis Filter (remove only)
dMC Power Pack
EAX Unified
eSnips
FileZilla (remove only)
FlashGet(JetCar)
Fraps (remove only)
Free Download Manager 2.1
FreeRIP v2.945
Gadwin PrintScreen
GTK+ 2.8.9 runtime environment
Hercules uploader v0.4.0.50
HijackThis 1.99.1
Intel(R) Extreme Graphics Driver
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
JAP
Japanese Language Support
Juice 2.2
Kaspersky Online Scanner
K-Lite Codec Pack 2.76 Full
Lame ACM MP3 Codec
LiveUpdate
Macromedia Shockwave Player
Maxthon Browser (remove only)
MediaMonkey 2.5
MediaShow 3.0
Microsoft Office XP Professional with FrontPage
MKVtoolnix 1.7.0
Mozilla Firefox (1.5)
Mozilla Thunderbird (1.5)
MSN
MSN Music Assistant
MSXML4 Parser
MySQL Server 5.0
Nero Suite
Netcraft Toolbar
NJStar Chinese WP
oggcodecs 0.71.0946
Panda ActiveScan
PhotoNow! 1.0
PHP 5.1.2
PowerDVD
PowerISO
QuickTime
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic Update Manager
Speed Up Alarm
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Startup Cop
Subtitle Workshop 2.51
The GIMP 2.2.9
Total Recorder 6.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VideoLAN VLC media player 0.8.4
VobSub v2.23 (Remove Only)
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Registry Repair Pro
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
ZoneAlarm
J2SE Runtime Environment 5.0 Update 6
LiveUpdate
____________________________
Find and delete the following:
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe << this file
Do you recognise this file?
C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe
Let me know about the above file, and then we can run other scans.
LiveUpdate: Unable to delete, the error messages:
Error1: Title: Internal Failure
Error Number: 0x80040707
Description: N/A
Error2: Occurs after error 1
Description: Access is denied
C:\Documents and Settings\Depriving Life\My Documents\immature stuff\AlexaInstaller.exe: Deleted
C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe: Yes, I do recognise this file. I downloaded it from http://www.bitsum.com/pec2.asp. I wanted to compress some files, but it didn't do the job. I keep lots of junk in my computer too...
Awaiting further orders, Sir Trogan! :kneel:
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido. AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
  - Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
  - All checkboxes should be ticked.
- Under Possibly unwanted software:
  - All checkboxes should be ticked.
- Under Reports:
  - Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
  - Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)

- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG anti-spyware log.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
New HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:13:45 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Emergency Use\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Furl It - http://www.furl.net/resources/rightClick.jsp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{802B2252-4D91-416B-B027-87A377A58175}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FAH@C:+Documents and Settings+Shakespeare+My Documents+My Received Files+FAH502-Console.exe - Stanford University - C:\Documents and Settings\Shakespeare\My Documents\My Received Files\FAH502-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
The AVG Anti-Spyware results will be in the next post right below this post, because it's too long...
AVG Anti-Spyware - Scan Report
+ Created at: 5:01:49 PM 11/3/2006
+ Scan result:
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\M9CFM3G5\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[82].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\RHGCPZ3P\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[24].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[25].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[91].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SDYBG1QF\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[24].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[25].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[26].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[27].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[88].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[89].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\SLMBOXM3\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[13].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[14].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[15].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[16].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[17].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[18].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[19].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[20].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[21].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[22].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[23].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[24].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Shakespeare\Local Settings\Temporary Internet Files\Content.IE5\ZPKE37CX\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Emergency Use\Cookies\emergency use@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.11:C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Emergency Use\Cookies\emergency use@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.39:C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.32:C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Shakespeare\Cookies\shakespeare@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.38:C:\Documents and Settings\Depriving Life\Application Data\Mozilla\Firefox\Profiles\1y2ef04y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - (no file)
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
Reboot your computer, and do an online scan with Panda ActiveScan
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log
Panda ActiveScan results:
Incident Status Location
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[pec2rsrc_polish.dll]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PETrim.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[peclassify.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEHideText.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEInsert.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Depriving Life\My Documents\Software\pec2setup.exe[PEChksum.exe]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Emergency Use\Cookies\emergency use@atwola[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Emergency Use\Cookies\emergency use@bravenet[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emergency Use\Cookies\emergency use@com[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Emergency Use\Cookies\emergency use@gostats[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Emergency Use\Cookies\emergency use@landing.domainsponsor[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Emergency Use\Cookies\emergency use@server.iad.liveperson[1].txt
Spyware:Cookie/Yadro
New HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:30:11 AM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\FileZilla\FileZilla.exe
c:\windows\system32\prmrsr.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Emergency Use\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [PermissionResearch] c:\windows\system32\prmrsr.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Furl It - http://www.furl.net/resources/rightClick.jsp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{802B2252-4D91-416B-B027-87A377A58175}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FAH@C:+Documents and Settings+Shakespeare+My Documents+My Received Files+FAH502-Console.exe - Stanford University - C:\Documents and Settings\Shakespeare\My Documents\My Received Files\FAH502-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O4 - HKLM\..\Run: [PermissionResearch] c:\windows\system32\prmrsr.exe -boot
If not, then let's get the file scanned.
STATUS: FINISHED
Complete scanning result of "prmrsr.exe", received in VirusTotal at 11.09.2006, 08:43:12 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.39 11.09.2006 HEUR/Malware
Authentium 4.93.8 11.08.2006 no virus found
Avast 4.7.892.0 11.07.2006 no virus found
AVG 386 11.08.2006 no virus found
BitDefender 7.2 11.09.2006 no virus found
CAT-QuickHeal 8.00 11.08.2006 no virus found
ClamAV devel-20060426 11.09.2006 no virus found
DrWeb 4.33 11.08.2006 no virus found
eTrust-InoculateIT 23.73.50 11.09.2006 no virus found
eTrust-Vet 30.3.3184 11.09.2006 no virus found
Ewido 4.0 11.08.2006 no virus found
Fortinet 2.82.0.0 11.09.2006 no virus found
F-Prot 3.16f 11.08.2006 no virus found
F-Prot4 4.2.1.29 11.08.2006 no virus found
Ikarus 0.2.65.0 11.09.2006 no virus found
Kaspersky 4.0.2.24 11.09.2006 no virus found
McAfee 4891 11.08.2006 potentially unwanted program Proxy-OSS
Microsoft 1.1609 11.09.2006 no virus found
NOD32v2 1.1859 11.08.2006 no virus found
Norman 5.80.02 11.08.2006 no virus found
Panda 9.0.0.4 11.08.2006 no virus found
Sophos 4.11.0 11.07.2006 no virus found
TheHacker 6.0.1.116 11.09.2006 no virus found
UNA 1.83 11.08.2006 no virus found
VBA32 3.11.1 11.08.2006 no virus found
VirusBuster 4.3.15:9 11.08.2006 no virus found
Aditional Information
File size: 1433600 bytes
MD5: 672f59a440ed7e9ad68835de35e9f272
SHA1: 4e7c7651a2ea3b8aa00ae7bda671a076f81571da
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O4 - HKLM\..\Run: [PermissionResearch] c:\windows\system32\prmrsr.exe -boot
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
Run HijackThis again and click on Open the Misc Tools section.
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:
c:\windows\system32\prmrsr.exe
When you are asked "Do you want to restart your computer now?", click OK.
Your PC MUST reboot to delete the file!
_____________________
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the ComboFix log back here
Emergency Use - 06-11-10 23:07:07.21 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Emergency Use\My Documents\My Received Files"
((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))
2006-11-07 06:56 245,760 --a C:\WINDOWS\system32\prxf.dll
2006-11-07 06:50 8,464 --a C:\WINDOWS\system32\sporder.dll
2006-11-07 06:50 299,008 --a C:\WINDOWS\system32\prls.dll
2006-11-03 13:14 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-29 14:16 3,840 --a C:\WINDOWS\system32\drivers\BANTExt.sys
2006-10-28 11:16 149,376 --a C:\WINDOWS\system32\drivers\tffsport.sys
2006-10-13 14:10 95,760 --a C:\WINDOWS\system32\isafeif.dll
2006-10-13 14:10 75,280 --a C:\WINDOWS\system32\vetredir.dll
2006-10-13 14:10 75,280 --a C:\WINDOWS\system32\isafprod.dll
2006-10-13 14:10 629,216 --a C:\WINDOWS\system32\drivers\vetefile.sys
2006-10-13 14:10 32,528 --a C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-13 14:10 26,640 --a C:\WINDOWS\system32\drivers\vet-filt.sys
2006-10-13 14:10 21,648 --a C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-13 14:10 21,392 --a C:\WINDOWS\system32\drivers\vet-rec.sys
2006-10-13 14:10 108,544 --a C:\WINDOWS\system32\drivers\veteboot.sys
2006-10-13 00:30 446,464 --a C:\WINDOWS\system32\AlxRes.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-10 23:06 d C:\Program Files\FlashGet
2006-11-10 10:46 d C:\Program Files\Mozilla Thunderbird
2006-11-07 16:16 d C:\Documents and Settings\Emergency Use\Application Data\Free Download Manager
2006-11-07 08:36 d C:\Program Files\WinRAR
2006-11-07 08:36 d C:\Program Files\SpywareGuard
2006-11-07 08:36 d C:\Program Files\QuickTime
2006-11-07 08:35 d C:\Program Files\PowerISO
2006-11-07 08:35 d C:\Program Files\MSN Messenger
2006-11-07 08:31 d C:\Program Files\Maxthon
2006-11-07 08:30 d C:\Program Files\iTunes
2006-11-07 08:28 d C:\Program Files\Free Download Manager
2006-11-07 08:28 d C:\Program Files\FileZilla
2006-11-07 08:28 d C:\Program Files\eSnips
2006-11-07 06:47 d C:\Program Files\Common Files\InstallShield
2006-11-06 17:20 d C:\Documents and Settings\Emergency Use\Application Data\NJStar
2006-11-05 16:47 d C:\Documents and Settings\Emergency Use\Application Data\Real
2006-11-05 16:40 d---s---- C:\Documents and Settings\Emergency Use\Application Data\Microsoft
2006-11-05 16:40 d C:\Documents and Settings\Emergency Use\Application Data\Sun
2006-11-05 14:53 d C:\Documents and Settings\Emergency Use\Application Data\Thunderbird
2006-11-05 14:53 d C:\Documents and Settings\Emergency Use\Application Data\Talkback
2006-11-05 14:53 d C:\Documents and Settings\Emergency Use\Application Data\Mozilla
2006-11-05 14:23 d C:\Documents and Settings\Emergency Use\Application Data\dvdcss
2006-11-05 13:40 d C:\Program Files\Illustrate
2006-11-03 13:14 d C:\Program Files\Grisoft
2006-10-31 23:26 d C:\Program Files\Alexa Toolbar
2006-10-31 21:09 d C:\Program Files\Netcraft Toolbar
2006-10-31 18:21 d--h C:\Program Files\InstallShield Installation Information
2006-10-29 14:16 d C:\Program Files\Belarc
2006-10-29 14:11 d C:\Documents and Settings\Emergency Use\Application Data\Help
2006-10-29 13:17 d C:\Documents and Settings\Emergency Use\Application Data\AdobeUM
2006-10-29 13:16 d C:\Documents and Settings\Emergency Use\Application Data\Adobe
2006-10-29 13:04 d C:\Documents and Settings\Emergency Use\Application Data\Cambridge
2006-10-28 07:25 d C:\Documents and Settings\Emergency Use\Application Data\Macromedia
2006-10-27 05:57 d C:\Program Files\Zone Labs
2006-10-26 20:37 d C:\Documents and Settings\Emergency Use\Application Data\Lavasoft
2006-10-26 19:56 d C:\Documents and Settings\Emergency Use\Application Data\vlc
2006-10-26 08:35 d C:\Program Files\Avant Browser
2006-10-26 08:18 d C:\Program Files\Mozilla Firefox
2006-10-24 13:17 d C:\Documents and Settings\Emergency Use\Application Data\Identities
2006-10-24 13:16 d C:\Program Files\Windows Media Player
2006-10-24 06:50 d C:\Program Files\SpywareBlaster
2006-10-23 14:11 d C:\Program Files\LeechGet 2006
2006-10-23 11:20 d C:\Program Files\JAP
2006-10-21 10:46 d C:\Program Files\Java
2006-10-21 10:33 d C:\Program Files\leechget
2006-10-20 12:01 d C:\Program Files\Yahoo!
2006-10-20 01:27 d C:\Program Files\NJStar Chinese WP
2006-10-19 12:47 d C:\Program Files\Apple Software Update
2006-10-14 17:21 d C:\Program Files\Speed Up Alarm
2006-10-14 17:11 d C:\Program Files\Kirby Alarm
2006-10-14 09:49 d C:\Program Files\Badongo
2006-10-13 17:22 d C:\Program Files\WinISO
2006-10-13 17:22 d C:\Program Files\ScummVM
2006-10-13 14:10 d C:\Program Files\CA
2006-10-13 05:29 d C:\Program Files\7-Zip
2006-10-10 19:42 d C:\Program Files\MUSICMATCH
2006-09-30 14:38 d C:\Program Files\Common Files
2006-09-30 12:01 d C:\Program Files\CXR
2006-09-30 08:00 d C:\Program Files\Juice
2006-09-29 21:13 d C:\Program Files\iPod
2006-09-23 16:11 d C:\Program Files\Giganology
2006-09-20 16:07 d C:\Program Files\VisualSubSync
2006-09-17 20:41 d C:\Program Files\MKVtoolnix
2006-09-17 17:48 131584 --a C:\WINDOWS\system32\SpoonUninstall.exe
2006-09-17 15:02 d C:\Program Files\Combined Community Codec Pack
2006-09-16 01:20 d C:\Program Files\MediaMonkey
2006-09-16 00:20 d C:\Program Files\LiveUpdate
2006-09-15 20:39 d C:\Program Files\LucasArts
2006-09-15 17:40 d C:\Program Files\CyberLink
2006-09-14 19:50 d C:\Program Files\FreeRIP2
2006-09-14 14:40 36734 --a C:\WINDOWS\system32\OggDSuninst.exe
2006-09-14 14:31 d C:\Program Files\illiminable
2006-09-14 13:57 d C:\Program Files\Gabest
2006-09-14 13:56 d C:\Program Files\URUSoft
2006-09-13 13:01 1084416 --a C:\WINDOWS\system32\msxml3.dll
2006-09-11 18:40 d C:\Program Files\StartCop
2006-09-11 14:19 d C:\Program Files\thf2demo
2006-09-10 13:13 d C:\Program Files\ReflexiveArcade
2006-09-10 11:29 d C:\Program Files\Mercora
2006-09-10 11:29 d C:\Program Files\BitComet
2006-09-10 00:31 d C:\Program Files\K-Lite Codec Pack
2006-08-25 23:45 617472 --a C:\WINDOWS\system32\comctl32.dll
2006-08-22 21:53 594450 --a C:\WINDOWS\system32\x264vfw.dll
2006-08-21 20:21 16896 --a C:\WINDOWS\system32\fltlib.dll
2006-08-21 17:14 23040 --a C:\WINDOWS\system32\fltmc.exe
2006-08-16 19:58 100352 --a C:\WINDOWS\system32\6to4svc.dll
2006-08-12 10:35 108544 C:\WINDOWS\system32\pxcpyi64.exe
2006-08-12 10:35 104960 C:\WINDOWS\system32\pxinsi64.exe
2006-08-11 06:48 4608 --a C:\WINDOWS\system32\w95inf32.dll
2006-08-11 06:48 2272 --a C:\WINDOWS\system32\w95inf16.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Windows Registry Repair Pro"="C:\\Program Files\\3B Software\\Windows Registry Repair Pro\\RegistryRepairPro.exe 4"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AlcxMonitor"="ALCXMNTR.EXE"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"TotalRecorderScheduler"="\"C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"eSnips"="\"C:\\Program Files\\eSnips\\ClientGW.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PermissionResearch
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-11-10 23:09:20.48
C:\ComboFix.txt ... 06-11-10 23:09
----
Please find and delete the following:
C:\WINDOWS\system32\prxf.dll << this file
C:\WINDOWS\system32\prls.dll << this file
C:\WINDOWS\system32\AlxRes.dll << this file
C:\Program Files\Alexa Toolbar << this folder
Reboot your computer and post a new HijackThis log. Let me know how things are please.
C:\WINDOWS\system32\prxf.dll << this file
C:\WINDOWS\system32\prls.dll << this file
C:\Program Files\Alexa Toolbar << this folder
This file doesn't exist:
C:\WINDOWS\system32\AlxRes.dll << this file
New HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:54:38 AM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Documents and Settings\Shakespeare\My Documents\My Received Files\FAH502-Console.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Documents and Settings\Shakespeare\My Documents\My Received Files\FahCore_78.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\devnz\SafeLaunch\safetray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Emergency Use\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Safe Launch.lnk = C:\Program Files\devnz\SafeLaunch\safetray.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Furl It - http://www.furl.net/resources/rightClick.jsp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: FGWLNotify - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.DLL (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FAH@C:+Documents and Settings+Shakespeare+My Documents+My Received Files+FAH502-Console.exe - Stanford University - C:\Documents and Settings\Shakespeare\My Documents\My Received Files\FAH502-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:
C:\WINDOWS\system32\AlxRes.dll
When you are asked "Do you want to restart your computer now?", click OK.
Your PC MUST reboot to delete the file!
I reformatted my computer and reinstalled Windows. Much to my displeasure, the problem persists. So this should really mean that it's not caused by malware?
Thanks.
Good Luck!
Anyway, I want to thank you for all the help...Thanks, Trogan_1000!
This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.