
Cannot remove Carnival Casino pop-up & program

Discussion in 'Virus & Other Malware Removal' started by gordongekko, Aug 2, 2006.

  1. gordongekko

    gordongekko Thread Starter

    Joined:
    Aug 2, 2006
    Messages:
    21
    I have been getting a rather annoying pop-up periodically. It is for Carnival Casino. It says "Carnival Casino $777 Free Bonus!!! Play Now." You cannot close the pop-up via normal means, you have to click on a link, which has installed a shortcut on my desktop to "continue carnival casino." A Casino Online folder has surfaced in my C hard drive. Windows XP will not allow me to delete this folder. The files: CsRemnd.exe, and SetupCarnivalSAS0000.exe are in the folder. My C:/WINDOWS/Prefetch folder has a file called SetupCarnivalSAS0000.exe-03D2E9DE.pf located in it.

    Norton, Ad-aware 6.0 and spybot have not been successful in detecting or removing this for me. I have been searching the web and have not found an easy fix for this problem. Please help. Also, I've noticed you request hijack-this logs from people. Is this a program I will need to download and install?

    Thanks, any help appreciated
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    Sure, that is a good place to start! :)

    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. gordongekko

    gordongekko Thread Starter

    Joined:
    Aug 2, 2006
    Messages:
    21
    Thanks for the reply. Here is my hijack this log:


    Logfile of HijackThis v1.99.1
    Scan saved at 3:58:08 PM, on 8/2/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\SVA Player\SVAPLAYER.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\CasinoOnline\CsRemnd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    d:\tt\guardian\guardianctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PurgeIE\PurgeIE_Service.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [SVAplayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\Run: [soundtask] soundtask.exe
    O4 - HKLM\..\Run: [System Log Event] csrss32.exe
    O4 - HKLM\..\Run: [yx] uu.exe
    O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
    O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
    O4 - HKLM\..\RunServices: [yx] uu.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
    O4 - Global Startup: Start Guardian.lnk = D:\tt\Guardian\GuardianStart.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: c:\windows\system32\sqlnnh.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: TT GuardianCtrl (GuardianCtrl) - Unknown owner - d:\tt\guardian\guardianctrl.exe
    O23 - Service: TT Guardian TTM (GuardianTTM) - Trading Technologies, Inc. - d:\tt\guardian\guardianTTM.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TTMessaging (ttmd) - Trading Technologies International - d:\tt\ttm\ttmd.exe
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    That is a pretty infected machine and it may take several scans with different tools to get it cleaned up. Is there a reason you have not put SP2 on? That would have patched many security holes you have and kept these infections from being able to get into your machine.


    Download Ewido anti-spyware from HERE and save that file to your desktop.

    This is a 30 day trial of the program
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
    2. Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.


    Post a new HijackThis log and the log from Ewido.
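
An added example, not part of the original thread and not HijackThis's own logic: a small triage pass over the registry autorun (O4) lines of a HijackThis log, marking entries that register a bare file name with no directory, or whose name is a near miss of a Windows system process. The sample lines are copied from the log posted above; the system-name list, the edit-distance threshold of 2 and the `reported` parameter are assumptions made for this sketch.

```python
import re

# Registry autorun lines as HijackThis prints them, e.g.
#   O4 - HKLM\..\Run: [name] command
# "Global Startup" shortcut lines use another layout and are skipped here.
O4_RE = re.compile(r"^\s*O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

# Assumption: a short reference list of Windows system binaries (stems only).
SYSTEM_NAMES = {"svchost", "csrss", "lsass", "smss", "winlogon",
                "services", "explorer", "spoolsv", "rundll32"}

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [soundtask] soundtask.exe
O4 - HKLM\..\Run: [System Log Event] csrss32.exe
O4 - HKLM\..\Run: [yx] uu.exe
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
'''


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def executable_of(command):
    """Return the program part of an autorun command, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)  # unquoted paths may contain spaces
    return m.group(1) if m else command.split()[0]


def triage(log_text, reported=()):
    """Return (key, value name, file name, reasons) for entries worth review.

    `reported` holds path fragments the user has already complained about.
    The reasons are review leads, not verdicts.
    """
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = executable_of(command)
        base = re.split(r"[\\/]", exe)[-1].lower()
        stem = base.rsplit(".", 1)[0]
        reasons = []
        # Heuristic 1: no directory given and not a known system binary.
        if not re.search(r"[\\/:]", exe) and stem not in SYSTEM_NAMES:
            reasons.append("no-path")
        # Heuristic 2: one or two edits away from a system process name.
        near = [s for s in sorted(SYSTEM_NAMES)
                if 0 < edit_distance(stem, s) <= 2]
        if near:
            reasons.append("resembles " + near[0] + ".exe")
        # Heuristic 3: matches something the user already reported.
        if any(r.lower() in exe.lower() for r in reported):
            reasons.append("user-reported")
        if reasons:
            findings.append((f"{hive}\\{key}", name, base, reasons))
    return findings


if __name__ == "__main__":
    for key, name, base, reasons in triage(SAMPLE_LOG, reported=("CasinoOnline",)):
        print(f"{key:18} [{name}] {base}: {', '.join(reasons)}")
```

An entry registered with a full path, such as CsRemnd.exe, is only surfaced here through `reported`; the path and name heuristics say nothing about it either way.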
     
  5. gordongekko

    gordongekko Thread Starter

    Joined:
    Aug 2, 2006
    Messages:
    21
    I suspected my computer may have a few malwares on it but I didn't know it was so badly infected. What is SP2 by the way?
    I downloaded and ran Ewido in safe mode as you suggested. Here is the Ewido report.

    Please help me with what to do next!!

    If we can get this sorted out I will definitely make a donation!

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:00:06 PM 8/3/2006

    + Scan result:



    C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\DMinfo2.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\DMsetup.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\DMsetupBig.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\JSinstall.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\JSlegals.txt -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\SelectDir.txt -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\SelectDir.txt1st -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\SelectDir1st.txt -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Download Manager\dminstall2.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\instyler.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\nelf.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\rar.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\altnet.css -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\gradient.gif -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\local_firstuse.html -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\local_points.html -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\local_redeem.html -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\local_start.html -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\local_wallet.html -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\notconnected.gif -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\offline.gif -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\LocalPages\pixel.gif -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\Help.xml -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\Sav3BD.tmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\Skin.xml -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\back-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\back.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\bottom.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\bottomleft.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\bottomright.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\close-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\close.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\forward-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\forward.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\help-bottom.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\help-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\help-sel.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\help-top.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\help-topleft.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\help-topright.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\help.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\left.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\maximise-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\maximise.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\mb_bottom.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\mb_bottomleft.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\mb_bottomright.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\mb_left.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\mb_right.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\mb_top.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\mb_topleft.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\mb_topright.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\message.xml -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\minimise-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\minimise.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\points-disabled.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\points-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\points-sel.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\points.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\redeem-disabled.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\redeem-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\redeem-sel.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\redeem.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\refresh-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\refresh.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\right.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\settings-disabled.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\settings-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\settings-sel.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\settings.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\start-disabled.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\start-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\start-sel.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\start.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\top.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\topleft-pro.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\topleft-reg.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\topleft.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\topright.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\wallet-disabled.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\wallet-over.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\wallet-sel.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\Skin\wallet.bmp -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\Altnet\Points Manager\settings.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\DMinfo2.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\bdedata2.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\dman25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\dmanu4.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\dminstall2.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet\setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\BDE\cache\morpheus13\BDEinstall.exe -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x063b75589f5f3c20e9a339857664eb05.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x342e66647ecee9f1727a2215e70d8cd6.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x434e432f5ba1e863de59b33318bf6106.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x5f9dc08ae071f78b52df24fdcdf074d5.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x651760cf17f1cc820e69e725b16ef486.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x8c8c4ea21ab75653dd56e1151a9d1a5b.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0xb037c021be0b8065f4009a06cb24c0cf.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-1148224434.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2127777201.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2202950960.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2372051627.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2459548295.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2858922230.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2963127678.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-2965295459.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-3001638978.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-400875866.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-948931342.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-1001-38.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-5000-2026578499.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-5000-2693070837.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-5000-3174754430.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-5000-3333822525.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-5000-3757870379.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-5000-76261813.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-5000-773060029.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\file-5001-2588361078.sig -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : Cleaned with backup (quarantined).
    C:\Program Files\LimeShop\Popup.exe -> Adware.Rebates : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.104:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.113:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.114:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.115:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.118:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.122:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.123:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.124:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.134:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.135:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.40:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.66:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.68:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.69:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.70:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.71:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.72:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.73:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.74:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.75:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.89:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.90:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.9:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.26:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
    :mozilla.83:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    :mozilla.84:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
    :mozilla.27:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.28:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.34:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.6:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.7:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.8:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
     
  6. gordongekko

    gordongekko Thread Starter

    Joined:
    Aug 2, 2006
    Messages:
    21
    Here is the remainder of the report as well as the new HijackThis logfile (the ewido report was too many characters to fit in one post).
    __________________________________________________________________________
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    :mozilla.24:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.25:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.91:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.92:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.93:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.94:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.82:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.31:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.117:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.128:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.130:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.131:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.132:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.133:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.14:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.15:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.16:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.17:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.78:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.57:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    :mozilla.58:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
    C:\Documents and Settings\David\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.79:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    :mozilla.80:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\r67jjp6a.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


    ::Report end
    __________________________________________________________________________

    New Hijack This log
    Logfile of HijackThis v1.99.1
    Scan saved at 12:13:06 PM, on 8/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\SVA Player\SVAPLAYER.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\CasinoOnline\CsRemnd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    d:\tt\guardian\guardianctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PurgeIE\PurgeIE_Service.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [SVAplayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\Run: [soundtask] soundtask.exe
    O4 - HKLM\..\Run: [System Log Event] csrss32.exe
    O4 - HKLM\..\Run: [yx] uu.exe
    O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
    O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
    O4 - HKLM\..\RunServices: [yx] uu.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
    O4 - Global Startup: Start Guardian.lnk = D:\tt\Guardian\GuardianStart.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: c:\windows\system32\sqlnnh.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: TT GuardianCtrl (GuardianCtrl) - Unknown owner - d:\tt\guardian\guardianctrl.exe
    O23 - Service: TT Guardian TTM (GuardianTTM) - Trading Technologies, Inc. - d:\tt\guardian\guardianTTM.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TTMessaging (ttmd) - Trading Technologies International - d:\tt\ttm\ttmd.exe
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I would suggest you remove these from add/remove programs:
    Altnet
    P2P Networking
    LimeShop
    WeatherBug


    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  8. gordongekko

    gordongekko Thread Starter

    Joined:
    Aug 2, 2006
    Messages:
    21
    What is SP2?
    I tried to remove the 4 programs from add/remove programs. I was successful in removing only 1 of them: Weatherbug. Limeshop appeared as an application that was able to be removed, but whenever I click on the change/remove button (only for the Limeshop app) the screen flashes and nothing happens. I was able to remove Limewire however. There may be some malware disallowing me to remove this. I may need some help with that one. With regards to the other 2 programs, they did not even appear in add/remove programs or in my program files folder.
    What should I do about those?

    I ran smitfraudfix.cmd and here is the report.

    SmitFraudFix v2.79

    Scan done at 13:19:05.20, Thu 08/03/2006
    Run from D:\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVID\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please post your HJT log for me again.

    I'll show you where to get SP2 but you don't want to install that on an infected machine.
     
  10. gordongekko

    gordongekko Thread Starter

    Joined:
    Aug 2, 2006
    Messages:
    21
    Here is a new HijackThis log:


    Logfile of HijackThis v1.99.1
    Scan saved at 1:39:15 PM, on 8/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\SVA Player\SVAPLAYER.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\CasinoOnline\CsRemnd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    d:\tt\guardian\guardianctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PurgeIE\PurgeIE_Service.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [SVAplayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\Run: [soundtask] soundtask.exe
    O4 - HKLM\..\Run: [System Log Event] csrss32.exe
    O4 - HKLM\..\Run: [yx] uu.exe
    O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
    O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
    O4 - HKLM\..\RunServices: [yx] uu.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
    O4 - Global Startup: Start Guardian.lnk = D:\tt\Guardian\GuardianStart.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: c:\windows\system32\sqlnnh.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: TT GuardianCtrl (GuardianCtrl) - Unknown owner - d:\tt\guardian\guardianctrl.exe
    O23 - Service: TT Guardian TTM (GuardianTTM) - Trading Technologies, Inc. - d:\tt\guardian\guardianTTM.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TTMessaging (ttmd) - Trading Technologies International - d:\tt\ttm\ttmd.exe
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O4 - HKLM\..\Run: [SVAplayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\Run: [soundtask] soundtask.exe
    O4 - HKLM\..\Run: [System Log Event] csrss32.exe
    O4 - HKLM\..\Run: [yx] uu.exe
    O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
    O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
    O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
    O4 - HKLM\..\RunServices: [yx] uu.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O20 - AppInit_DLLs: c:\windows\system32\sqlnnh.dll

    Close all applications and browser windows before you click "fix checked".


    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


    Please run a free online virus scan here (tick the "Auto Clean" checkbox):
    http://housecall.antivirus.com/


    Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.
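
Added example, not part of the original post: a small triage script that applies three generic heuristics to the O4 and O20 lines of a HijackThis log, using lines copied from the log posted above. The function names and the `SYSTEM_NAMES` list are assumptions made for this example. Heuristics like these surface the path-less and look-alike entries but not full-path ones such as `CsRemnd.exe`, which still need a reviewer who recognises the program.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [soundtask] soundtask.exe
O4 - HKLM\..\Run: [System Log Event] csrss32.exe
O4 - HKLM\..\Run: [yx] uu.exe
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\sqlnnh.dll
"""

# Assumed, non-exhaustive list of system process names that malware imitates.
SYSTEM_NAMES = {"svchost", "csrss", "lsass", "smss", "winlogon",
                "services", "explorer", "spoolsv", "rundll32", "ctfmon"}

O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>\S.*)$")
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log_text):
    """Return (entry, target, reasons) for each autostart line worth a manual look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O20_RE.match(line)
        if m:
            findings.append(("AppInit_DLLs", m["dlls"],
                             ["DLL is loaded into every process that loads user32.dll"]))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        path = exe.group(1) if exe else m["cmd"].split()[0]
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        reasons = []
        if stem in SYSTEM_NAMES:
            if "\\" in path and not path.lower().startswith("c:\\windows\\"):
                reasons.append("system process name outside C:\\WINDOWS")
        else:
            near = sorted(s for s in SYSTEM_NAMES if edit_distance(stem, s) <= 2)
            if near:
                reasons.append(f"name resembles {near[0]}.exe")
            if "\\" not in path:
                reasons.append("no directory given, resolved through the search path")
        if reasons:
            findings.append((f"{m['key']}: {m['name']}", path, reasons))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A hit is a prompt for manual review, not a verdict: legitimate software also uses path-less Run values and AppInit_DLLs.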
     
  12. gordongekko

    gordongekko Thread Starter

    Joined:
    Aug 2, 2006
    Messages:
    21
    Do you see a specific problem with the party poker lines? The program itself is legitimate, and I periodically use it.
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You can leave those if you want. Some people have them and don't even know how they got there! ;)
     
  14. gordongekko

    gordongekko Thread Starter

    Joined:
    Aug 2, 2006
    Messages:
    21
    How long does the Trend Micro HouseCall virus scan usually take? My browser has been running the page for at least 30 minutes now.
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    That all depends on the size of your drive and how much data you have. It will work a lot faster if you don't surf the web while it's running! ;)
     

Short URL to this thread: https://techguy.org/488853
