
Computer shuts off

Discussion in 'Virus & Other Malware Removal' started by snowey, Aug 8, 2006.

  1. snowey

    snowey Thread Starter

    Joined:
    May 29, 2004
    Messages:
    40
    I am having a problem with my computer shutting down. I've made a hijack log. I think I have some crap that needs to be deleted but I'm not sure what. Help is much needed and appreciated.
    Thanks Snowey
     
  2. snowey

    snowey Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 6:19:56 PM, on 8/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Media Gateway\MediaGateway.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\SIERRA\Planner\PLNRnote.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\sharlia\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    O3 - Toolbar: Search - {34B7A26A-89DB-CCE5-86BB-F40EADCC17C1} - C:\WINDOWS\Wdhnptlq.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [VSL04.exe] C:\WINDOWS\system32\VSL04.exe
    O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
    O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
    O4 - Startup: PopUpProtector.lnk = C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Support - {C750CD76-EA79-45B2-B4FB-663E3BC3B1B6} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - http://digitalid.verisign.com/xenroll.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c18.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-00A0C99A7357} (SpeedCtl Class) - http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient; this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  4. snowey

    snowey Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 10:57:53 PM, on 8/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Media Gateway\MediaGateway.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\SIERRA\Planner\PLNRnote.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\sharlia\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
    O3 - Toolbar: Search - {34B7A26A-89DB-CCE5-86BB-F40EADCC17C1} - C:\WINDOWS\Wdhnptlq.dll (file missing)
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [VSL04.exe] C:\WINDOWS\system32\VSL04.exe
    O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
    O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
    O4 - Startup: PopUpProtector.lnk = C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Support - {C750CD76-EA79-45B2-B4FB-663E3BC3B1B6} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - http://digitalid.verisign.com/xenroll.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c18.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-00A0C99A7357} (SpeedCtl Class) - http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    ---------------------------------------------------------
     
  5. snowey

    snowey Thread Starter

    Pandascan

    Incident Status Location

    Spyware:Spyware/ArcadeRock Not disinfected C:\Program Files\ArcadeRockstar\clutil.dll
    Adware:Adware/WUpd Not disinfected C:\Program Files\Media Gateway\MediaGateway.exe
    Spyware:Spyware/ArcadeRock Not disinfected C:\Program Files\ArcadeRockstar\poplib.dll
    Spyware:Spyware/ArcadeRock Not disinfected C:\Program Files\ArcadeRockstar\shcfglib.dll
    Spyware:Spyware/ArcadeRock Not disinfected C:\Program Files\ArcadeRockstar\wshlib.dll
    Spyware:Spyware/ArcadeRock Not disinfected C:\Program Files\ArcadeRockstar\arcaderockstarlib32.dll
    Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\dennis\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    Adware:adware/ncase Not disinfected c:\temp\salm.log
    Spyware:spyware/virtumonde Not disinfected C:\WINDOWS\system32\winhost32.exe
    Adware:adware/wupd Not disinfected c:\windows\system32\ide21201.vxd
    Adware:adware/wintools Not disinfected c:\windows\system32\TBPS.ini
    Spyware:spyware/bridge Not disinfected c:\windows\downloaded program files\bridge.inf
    Spyware:spyware/betterinet Not disinfected c:\windows\inf\biini.inf
    Adware:adware/twain-tech Not disinfected c:\windows\inf\twaintec.inf
    Adware:adware/gator Not disinfected c:\GatorPatch.log
    Adware:adware/virtualbouncer Not disinfected c:\myPcsearch.exe
    Adware:adware/thespyguard Not disinfected c:\windows\back.gif
    Adware:adware/bookedspace Not disinfected c:\windows\cfgmgr52.ini
    Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
    Adware:adware program Not disinfected c:\windows\ss3unstl.exe
    Dialer:dialer.b Not disinfected c:\windows\tmlpcert2005
    Adware:adware/portalscan Not disinfected c:\program files\common files\Slmss
    Adware:adware/sidesearch Not disinfected c:\program files\Lycos
    Adware:adware/downloadware Not disinfected c:\program files\MLH
    Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
    Adware:adware/redv Not disinfected c:\program files\RedV Protector Suite
    Potentially unwanted tool:application/altnet Not disinfected c:\windows\temp\Altnet
    Adware:adware/dyfuca Not disinfected c:\windows\STWSI
    Adware:adware/searchexe Not disinfected Windows Registry
    Spyware:spyware/new.net Not disinfected Windows Registry
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\Toolbar
    Adware:adware/wurldmedia Not disinfected Windows Registry
    Adware:adware/ipinsight Not disinfected Windows Registry
    Potentially unwanted tool:application/myway Not disinfected hkey_current_user\software\netscape\netscape navigator\automation shutdown\MyWayToolBar.NetscapeShutdown.1
    Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\All Users\Documents\Temp\Belt.ini
    Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\All Users\Documents\Temp\biini.inf
    Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\dennis\Local Settings\Temp\sp2patch.exe

    When I logged back in on my computer after doing the scan I had two errors.
    RUNDLL
    error loading C:\windows\cfgmgr52.dll
    the specified module could not be found

    And

    C:\windows\system32\uorkxniflqlcsrss.exe
    windows cannot find

    could not load or run
    make sure file exists or remove the reference to it in the registry

    and now my avg anti-virus program found a virus
    <rec time="2006/08/08 22:59:18" user="sharlia" source="Virus">
    <value>@HL_ReportFindRS</value>
    <attr name="filename">C:\Program Files\MSN Gaming Zone\hovel.dll</attr>
    <attr name="finding">@EID_Id_trj</attr>
    <attr name="virusname">Downloader.Generic.ZIE</attr>
    </rec>
    </history>

    Thanks for the help!
    Snowey
     
  6. snowey

    snowey Thread Starter

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:03:56 PM 8/8/2006

    + Scan result:



    C:\Documents and Settings\dennis\Local Settings\Temp\Del10A.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\180solutions -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\Temp\THI57FB.tmp\twaintec.cab/preInstTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\Temp\THI57FB.tmp\twaintec.cab/twaintec.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\Temp\twaintec.cab/preInsTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\Temp\twaintec.cab/twaintec.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Desktop\backups\backup-20060808-181931-579.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\RCX305.tmp -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\RCX47.tmp -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\Wdhnptlq.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\bs7beta.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\bsx32 -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\cfgmgr52.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\ddsnugxk.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\fnflyivw.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\DelFin -> Adware.Delfin : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\DelFin\PromulGate -> Adware.Delfin : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Adware.Downloadware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\Temp\bar.exe -> Adware.IeSearchBar : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\Temp\IPINSIGT.cab/ipinsigt.dll -> Adware.IPInsight : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Local Settings\Temp\IPINSIGT.cab/ipinsigt.dll -> Adware.IPInsight : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Desktop\backups\backup-20060808-181932-308.dll -> Adware.MediaBack : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mimtcore.dll -> Adware.MediaBack : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\updCFA.tmp/ME.dll -> Adware.MediaPops : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\MP.MediaPops -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\MP.MediaPops.1 -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\MP.MediaPops\CurVer -> Adware.NetworkEssentials : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall5_64.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\SWRT01.RT -> Adware.SecondThought : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Adware.SecondThought : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\SWRT01.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Adware.WebSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Adware.WebSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\temp.cab/toolbar.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\toolbar.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Common.Buttons -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Common.Buttons\Clsid -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Radio.RadioPlayer -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Radio.RadioPlayer\Clsid -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\APP -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\BBDE -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\BBDHE -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\BBDI -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\MAJORSE -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\RADIO -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\SVC -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Files\TBR -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Install -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\PlugIns\RADIO -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
    C:\Program Files\se -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
     
  7. snowey

    snowey Thread Starter

    C:\WINDOWS\system32\mobupd.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
    C:\Program Files\MSN Gaming Zone\hovel.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\ICD3.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\AktiveSekurity.ocx -> Not-A-Virus.VirTool.Win32.Collector : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected]4elc5sep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\sharlia\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\christopher\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\dennis\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\i heart you\Cookies\i heart [email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mdtdev.exe -> Trojan.VB.wh : Cleaned with backup (quarantined).


    ::Report end

    I hope this is everything.
    thanks
    snowey
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    The Hijack This log is hard to read.
    Please rescan with Hijack This.
    When the log opens in Notepad, go to Format and select Wordwrap.
    Then copy and paste the log here.
     
  9. snowey

    snowey Thread Starter

    Joined:
    May 29, 2004
    Messages:
    40
    Logfile of HijackThis v1.99.1
    Scan saved at 8:40:30 PM, on 8/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Media Gateway\MediaGateway.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\SIERRA\Planner\PLNRnote.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\sharlia\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
    O3 - Toolbar: Search - {34B7A26A-89DB-CCE5-86BB-F40EADCC17C1} - C:\WINDOWS\Wdhnptlq.dll (file missing)
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [VSL04.exe] C:\WINDOWS\system32\VSL04.exe
    O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
    O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
    O4 - Startup: PopUpProtector.lnk = C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Support - {C750CD76-EA79-45B2-B4FB-663E3BC3B1B6} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - http://digitalid.verisign.com/xenroll.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c18.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-00A0C99A7357} (SpeedCtl Class) - http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    thanks
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download KillBox.

    Save it to your desktop.
    DO NOT run it yet. We will use it later.

    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  11. snowey

    snowey Thread Starter

    Joined:
    May 29, 2004
    Messages:
    40
    Here is the session log, or what I got of them. I tried to run a sweep and the computer shut down during it. I then tried again in safe mode and the computer shut down again. I tried again in safe mode with just the diagnostics version of SpySweeper and finally made it through the sweep, but when I hit Next it only made it through half, then the computer shut down. These are the logs I have up until then.
    Thanks
    Snowey






    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    8:59 PM: Shield States
    8:59 PM: Spyware Definitions: 737
    8:57 PM: Spy Sweeper 5.0.5.1286 started
    7:41 PM: Detected running threat: redvpopup
    7:41 PM: Memory Shield: Found: Memory-resident threat redvpopup, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    7:36 PM: Shield States
    7:36 PM: Spyware Definitions: 737
    7:34 PM: Spy Sweeper 5.0.5.1286 started
    7:32 PM: Detected running threat: redvpopup
    7:32 PM: Memory Shield: Found: Memory-resident threat redvpopup, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    7:26 PM: Shield States
    7:26 PM: Spyware Definitions: 737
    7:25 PM: Spy Sweeper 5.0.5.1286 started
    7:03 PM: Detected running threat: redvpopup
    7:03 PM: Memory Shield: Found: Memory-resident threat redvpopup, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    6:58 PM: Shield States
    6:57 PM: Spyware Definitions: 737
    6:56 PM: Spy Sweeper 5.0.5.1286 started
    6:53 PM: Detected running threat: redvpopup
    6:53 PM: Memory Shield: Found: Memory-resident threat redvpopup, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    6:47 PM: Shield States
    6:47 PM: Spyware Definitions: 737
    6:46 PM: Spy Sweeper 5.0.5.1286 started
    6:21 PM: Detected running threat: redvpopup
    6:21 PM: Memory Shield: Found: Memory-resident threat redvpopup, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    6:16 PM: Shield States
    6:16 PM: Spyware Definitions: 737
    6:14 PM: Spy Sweeper 5.0.5.1286 started
    4:43 PM: Detected running threat: redvpopup
    4:43 PM: Memory Shield: Found: Memory-resident threat redvpopup, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    4:37 PM: Shield States
    4:37 PM: Spyware Definitions: 737
    4:36 PM: Spy Sweeper 5.0.5.1286 started
    10:51 AM: Detected running threat: redvpopup
    10:51 AM: Memory Shield: Found: Memory-resident threat redvpopup, version 1.0.0.0
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    10:51 AM: Shield States
    10:50 AM: Spy Installation Shield: found: Adware: zquest, version 1.0.0.0
    10:50 AM: BHO Shield: found: -- BHO installation denied at user request
    10:50 AM: BHO Shield: found: -- BHO installation denied at user request
    10:48 AM: Spyware Definitions: 737
    10:47 AM: Spy Sweeper 5.0.5.1286 started
    10:03 PM: | End of Session, Wednesday, August 09, 2006 |
    10:01 PM: Your spyware definitions have been updated.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:56 PM: Shield States
    9:55 PM: Spyware Definitions: 691
    9:53 PM: Spy Sweeper 5.0.5.1286 started
    9:53 PM: Spy Sweeper 5.0.5.1286 started
    9:53 PM: | Start of Session, Wednesday, August 09, 2006 |
    ********
    10:04 PM: Detected running threat: C:\Program Files\RedV Protector Suite\PopUpProtector\MSNLib.dll (ID = 73684)
    10:04 PM: Detected running threat: C:\Program Files\RedV Protector Suite\PopUpProtector\AOLLib.dll (ID = 73678)
    10:04 PM: Detected running threat: C:\Program Files\RedV Protector Suite\PopUpProtector\NS6Lib.dll (ID = 73695)
    10:04 PM: Found Adware: redvpopup
    10:03 PM: Starting Memory Sweep
    10:03 PM: HKCR\clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}\inprocserver32\ (ID = 1353135)
    10:03 PM: Found Adware: bookedspace
    10:03 PM: Sweep initiated using definitions version 737
    10:03 PM: Spy Sweeper 5.0.5.1286 started
    10:03 PM: | Start of Session, Wednesday, August 09, 2006 |
    ********
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Post a new Hijack This log too.
     
  13. snowey

    snowey Thread Starter

    Joined:
    May 29, 2004
    Messages:
    40
    Logfile of HijackThis v1.99.1
    Scan saved at 5:54:05 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Compaq\Easy Access Button

    Support\StartEAK.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Compaq\Easy Access Button

    Support\CPQEADM.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Viewpoint\Viewpoint

    Manager\ViewMgr.exe
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\SIERRA\Planner\PLNRnote.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works

    Shared\wkcalrem.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and

    Settings\sharlia\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Page_URL =

    http://store.presario.net/scripts/redirectors/presario/st

    oreredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet

    Explorer\Main,Window Title = Microsoft Internet Explorer

    provided by Compaq
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-

    ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file

    missing)
    O3 - Toolbar: Search - {34B7A26A-89DB-CCE5-86BB-

    F40EADCC17C1} - C:\WINDOWS\Wdhnptlq.dll (file missing)
    O4 - HKLM\..\Run: [CPQEASYACC] "C:\Program

    Files\Compaq\Easy Access Button

    Support\StartEAK.exe"
    O4 - HKLM\..\Run: [Microsoft Works Portfolio]

    "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection]

    "C:\Program Files\Microsoft Works\WkDetect.exe"
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32

    \igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds]

    C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

    Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program

    Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [AtariBanner] "C:\Program

    Files\Infogrames\Atari Anniversary Edition\Volume 2

    \Banner.exe" /0
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1

    \Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1

    \Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ViewMgr] "C:\Program

    Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
    O4 - HKLM\..\Run: [Media Gateway] C:\Program

    Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\Run: [cfgmgr52] "RunDLL32.EXE"

    C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [arcaderockstar] "C:\Program

    Files\ArcadeRockstar\arcaderockstar32.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program

    Files\Webroot\Spy Sweeper\SpySweeperUI.exe"

    /startintray
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%

    \system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program

    Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition]

    "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

    Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program

    Files\Real\RealPlayer\realplay.exe"

    /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32

    \wallp2.exe
    O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32

    \VSL07.exe
    O4 - Startup: PopUpProtector.lnk = C:\Program

    Files\RedV Protector

    Suite\PopUpProtector\PopUpProtector.exe
    O4 - Startup: reminder-ScanSoft Product

    Registration.lnk = C:\Program Files\TextBridge Classic

    2.0\Ereg\REMIND32.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program

    Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Event Planner Reminders Tray

    Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program

    Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Works Calendar

    Reminders.lnk = ?
    O8 - Extra context menu item: &Search -

    http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-

    AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-

    47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071

    -b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-

    00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-

    98FE-00C0F0318AFE} - C:\WINDOWS\System32

    \Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-

    BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Support - {C750CD76-EA79-45B2-

    B4FB-663E3BC3B1B6} - C:\Program Files\Internet

    Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet

    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF:

    START_PAGE_URL=http://store.presario.net/scripts/red

    irectors/presario/storeredir2.dll?

    s=consumerfav&c=3c01&lc=0409
    O16 - DPF: JT's Blocks -

    http://download.games.yahoo.com/games/clients/y/blt1_x.

    cab
    O16 - DPF: Yahoo! Chat -

    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/

    chat.cab
    O16 - DPF: Yahoo! Checkers -

    http://download.games.yahoo.com/games/clients/y/kt0_x.

    cab
    O16 - DPF: Yahoo! Fleet -

    http://download.games.yahoo.com/games/clients/y/fltt0_

    x.cab
    O16 - DPF: Yahoo! Spades -

    http://download.games.yahoo.com/games/clients/y/st2_x.

    cab
    O16 - DPF: Yahoo! Spelldown -

    http://download.games.yahoo.com/games/clients/y/sdt1_x.

    cab
    O16 - DPF: Yahoo! Tic-Tac-Toe -

    http://download.games.yahoo.com/games/clients/y/ft0_x.

    cab
    O16 - DPF: {00B71CFB-6864-4346-A978-

    C0A14556272C} (Checkers Class) -

    http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-

    D00330E511D3} (StagingUI Object) -

    http://zone.msn.com/binFrameWork/v10/StagingUI.cab406

    41.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-

    69B45C50A8F8} (SekureL0gin.SekureKontrol) -

    http://secure2.comned.com/signuptemplates/AktiveSekur

    ity.cab
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1}

    (CEnroll Class) - http://digitalid.verisign.com/xenroll.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-

    97215F77A6BC} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsP

    AClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-

    992EE8E6BAD6} -

    http://static.windupdates.com/cab_adult/WebsiteAccess

    /ie/bridge-c18.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-

    494B6333150B} (Minesweeper Flags Class) -

    http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-

    FA1D4F56A2AB} (YInstStarter Class) - C:\Program

    Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-

    B5388FFDD0D8} (ZoneBuddy Class) -

    http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab3284

    6.cab
    O16 - DPF: {4AD73894-A895-4FC2-B233-

    299867E08753} (Cadwkzctl Object) -

    http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-

    2D05CB959537} (MSN Photo Upload Tool) -

    http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-

    0050DAC5EBD0} (printQuick Browser Add In (Ver4)) -

    http://www.pqpc.com/plugin/axversion/1410/printQuick141

    0.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-

    917ABDD035B3} (ZonePAChat Object) -

    http://zone.msn.com/binframework/v10/ZPAChat.cab3284

    6.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-

    00C04F9A3B61} (HouseCall Control) -

    http://a840.g.akamai.net/7/840/537/2004061001/hous

    ecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {776706AE-CACA-4EA3-93DF-

    BB83D9259DA9} (MailConfigure Class) -

    http://supportservices.msn.com/us/smtptool/MailCfg.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-

    6A1E6D7663F6} (Groove Control) -

    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-

    87B8D3D7D9E3} (ZPA_DMNO Object) -

    http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42

    341.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-

    67749B4057FA} -

    http://dm.screensavers.com/dm/installers/si/1/sinstaller.

    cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-

    4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsCl

    ient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-

    00105A1F0D68} (InstallShield International Setup

    Player) -

    http://admin.pressplay.com/duet/registration/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-

    5009F29E09E1} (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst

    .cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-

    9CD52E528BC4} (ZoneAxRcMgr Class) -

    http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-

    00105A10AAF6} (WONWebLauncher Class) -

    http://hoylegames.sierra.com/cab/WONWebLauncherContr

    ol.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-

    A7BEF759B236} (Seekford Solutions, Inc.'s

    ssiPictureUploader Control) -

    http://img.funtigo.com/images/uploader/ssiPictureUpload

    er.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-

    595F0A5519FF} (MsnMessengerSetupDownloadControl

    Class) -

    http://messenger.msn.com/download/MsnMessengerSetu

    pDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-

    220313175592} (ZoneIntro Class) -

    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.

    cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-

    00105AA9B6AE} (Symantec RuFSI Registry Information

    Class) -

    http://security1.norton.com/SSC/SharedContent/sc/bin/c

    absa.cab
    O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-

    00A0C99A7357} (SpeedCtl Class) -

    http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
    O16 - DPF: {CAFEEFAC-0014-0001-0000-

    ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-

    C771BB369937} (StadiumProxy Class) -

    http://zone.msn.com/binframework/v10/StProxy.cab41227.

    cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-

    73DB16A1543A} (PopCapLoader Object) -

    http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-

    97E826C84822} -

    http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-

    F385591623AF} (Solitaire Showdown Class) -

    http://messenger.zone.msn.com/binary/SolitaireShowdown

    .cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-

    8E305202313F} - "C:\PROGRA~1\MSNMES~1

    \msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier -

    C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -

    GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1

    \avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) -

    GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1

    \avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-

    Malware Development a.s. - C:\Program Files\ewido anti-

    spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) -

    Macrovision Corporation - C:\Program Files\Common

    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. -

    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc.

    - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Webroot Spy Sweeper Engine

    (WebrootSpySweeperService) - Webroot Software, Inc. -

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    The Hijack This log is hard to read.
    Please rescan with Hijack This.
    When the log opens in Notepad, go to Format and select Wordwrap.
    Then copy and paste the log here.
     
  15. snowey

    snowey Thread Starter

    Joined:
    May 29, 2004
    Messages:
    40
    I have this in wordwrap format, hope it's better.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:36:00 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\SIERRA\Planner\PLNRnote.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\sharlia\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
    O3 - Toolbar: Search - {34B7A26A-89DB-CCE5-86BB-F40EADCC17C1} - C:\WINDOWS\Wdhnptlq.dll (file missing)
    O4 - HKLM\..\Run: [CPQEASYACC] "C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe"
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
    O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
    O4 - HKLM\..\Run: [cfgmgr52] "RunDLL32.EXE" C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [arcaderockstar] "C:\Program Files\ArcadeRockstar\arcaderockstar32.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
    O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
    O4 - Startup: PopUpProtector.lnk = C:\Program Files\RedV Protector Suite\PopUpProtector\PopUpProtector.exe
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Support - {C750CD76-EA79-45B2-B4FB-663E3BC3B1B6} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - http://digitalid.verisign.com/xenroll.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/WebsiteAccess/ie/bridge-c18.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-00A0C99A7357} (SpeedCtl Class) - http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
Short URL to this thread: https://techguy.org/490621
