
data execution prevention

Discussion in 'Virus & Other Malware Removal' started by dantman, Nov 5, 2006.

  1. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    I'm getting a Data Execution Prevention box popping up for name: Windows Explorer.

    I'm using Firefox with Windows XP. I'm also having a few other problems with Win Antivirus 2006 and others. I have my HijackThis log. Thx for any help because I'm getting really worried.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:39:09 PM, on 11/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\DanTman\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
    O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Hi, welcome to TSG.



    Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
    · Double-click VundoFix.exe to run it.
    · Click the Scan for Vundo button.
    · Once it's done scanning, click the Remove Vundo button.
    · You will receive a prompt asking if you want to remove the files, click YES
    · Once you click yes, your desktop will go blank as it starts removing Vundo.
    · When completed, it will prompt that it will shutdown your computer, click OK.
    · Turn your computer back on.


    Go here and download the latest version of Java. Once
    downloaded, go to Add/Remove and uninstall all previous versions of Java
    from Add/Remove, and then install the latest version you just downloaded!


    http://java.com/en/download/manual.jsp

    http://www.majorgeeks.com/download.php?det=4648




    Download AVG Anti-Spyware

    http://www.ewido.net/en/


    * Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    * Once the setup is complete you will need to run Ewido and update the definition files.
    * On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    * Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    * Once in the Settings screen click on "Recommended actions" and then select "Delete"
    * Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"


    Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that later in safe mode.



    * Click here to download ATF Cleaner by Atribune and save it to your desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
        o If you use Firefox:
            + Click Firefox at the top and choose: Select All
            + Click the Empty Selected button.
            + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        o If you use Opera:
            + Click Opera at the top and choose: Select All
            + Click the Empty Selected button.
            + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * Click Exit on the Main menu to close the program.


    * Click here for info on how to boot to safe mode if you don't already know how.

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:



    Have HijackThis fix these entries. Close all browsers and programmes before
    clicking FIX.


    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


    Run AVG Anti-Spyware!

    # IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
    # Launch AVG Anti-spyware by double-clicking the icon on your desktop.
    # Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    # AVG will now begin the scanning process. Be patient; this may take a little time.
    Once the scan is complete do the following:
    # If you have any infections you will be prompted, then select "Apply all actions"
    # Next select the "Reports" icon at the top.
    # Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    # Close AVG and reboot your system back into Normal Mode.



    Reboot to normal mode and run a few online scans!


    Make sure your ActiveX controls are set as follows:

    Go to Internet Options - Security - Internet, press 'default level', then OK.
    Now press "Custom Level."

    In the ActiveX section, set the first two options (Download signed and
    unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX
    controls not marked as safe' to 'disable'.


    Active X settings

    http://www.compu-docs.com/activex.htm


    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/products/activescan.htm

    When the scan is finished, have it delete anything that it cannot clean.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!



    Post another HijackThis log, the AVG Anti-Spyware log and the ActiveScan logs.
     
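The ActiveX settings recommended in the post above are stored as per-user registry values for the Internet zone. This read-only PowerShell check is an added example, not part of the original thread, that compares the current values with those recommendations. The function name `Get-ActiveXAudit` is made up for this example; the zone 3 key and the URL action numbers 1001, 1004 and 1201 are the standard Internet Explorer ones.

```powershell
# Added example: read-only audit of the Internet zone ActiveX settings named in the post.
# Per-user zone settings live under this key; zone 3 is the Internet zone.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action number -> dialog label and the value the post recommends.
# Setting values: 0 = Enable, 1 = Prompt, 3 = Disable (a higher number is stricter).
$Recommended = [ordered]@{
    '1001' = @{ Label = 'Download signed ActiveX controls';   Want = 1 }
    '1004' = @{ Label = 'Download unsigned ActiveX controls'; Want = 1 }
    '1201' = @{ Label = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}
$SettingName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXAudit {
    param([string]$Path = $ZonePath)

    # Stop if the key cannot be read rather than report an empty, clean-looking result.
    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($action in $Recommended.Keys) {
        $want   = $Recommended[$action].Want
        $actual = $zone.$action    # $null when the value is not set for this user

        if ($null -eq $actual) {
            $shown  = '(not set)'
            $status = 'NotSet'
        } elseif (-not $SettingName.ContainsKey([int]$actual)) {
            # Some other policy value; report it instead of guessing its strictness.
            $shown  = "value $actual"
            $status = 'Unknown'
        } else {
            $actual = [int]$actual
            $shown  = $SettingName[$actual]
            $status = if ($actual -eq $want) { 'Match' } elseif ($actual -gt $want) { 'Stricter' } else { 'Weaker' }
        }

        [pscustomobject]@{
            Action      = $action
            Setting     = $Recommended[$action].Label
            Current     = $shown
            Recommended = $SettingName[$want]
            Status      = $status
        }
    }
}

Get-ActiveXAudit | Format-Table -AutoSize
```

These are the per-user values that the Internet Options dialog writes; a policy-enforced setting can take precedence over them.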
  3. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    OK, I made it up to the safe mode, so I followed the msconfig safe mode boot. Once it restarted I had two options: admin or my login.

    First I chose my login. So I log on and it's a black screen and a box opens (it goes away after 4-5 secs). I couldn't read it because it disappeared so fast, so it stayed on a blank black screen. I had to Ctrl+Alt+Del to log to sign in and try my login; did this a couple of times to read it, so I figured out what it said and then I hit yes to continue in safe mode. Once I did that it stayed a black screen. So I tried it under admin and still the same thing. So I started to get worried. I tried under my login a few more times. Sometimes it would start to load the desktop but it would vanish after 3-5 secs. So I tried to restart again and hit F8 to load Windows normally... but it wouldn't, it went right back to safe mode. So while in safe mode I kept trying to get that desktop to appear, and I finally got to run msconfig unsafemode checked after about 30 mins of trying. So that's where I'm at now. Wow, did that make me sweat bullets for that 45 mins. Anyhow, I'm back on normal Windows. What should I do?
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Safe mode is a black screen; there is no desktop. This is what safe mode is. You should still have some icons and the Start button. Continue on from there.
     
  5. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    No buttons or Start button. It would start to appear then just disappear. So a solid black screen with "Safe Mode" in each corner. Even when I hit the Windows button nothing pops up.
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    OK, run the scans in normal mode!
     
  7. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 2:33:56 PM, on 11/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\DanTman\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
    O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
     
  8. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:28:19 PM 11/7/2006

    + Scan result:



    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276858.dll -> Adware.Agent : Cleaned.
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
    C:\WINDOWS\SYSTEM32\xygiwbju.dll -> Adware.BHO : Cleaned.
    C:\WINDOWS\SYSTEM32\antivga.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\baks.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\comad.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\expav.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\expdns.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\mclib.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\odbcvga.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\psole.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\rasip.exe -> Adware.SaveNow : Cleaned.
    C:\WINDOWS\SYSTEM32\tapips.exe -> Adware.SaveNow : Cleaned.
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP593\A0272942.dll -> Adware.Searchcolor : Cleaned.
    C:\WINDOWS\SYSTEM32\attjhlgv.exe -> Adware.Searchcolor : Cleaned.
    C:\WINDOWS\SYSTEM32\kdwygqjb.exe -> Adware.Searchcolor : Cleaned.
    C:\WINDOWS\SYSTEM32\pidrpcfr.exe -> Adware.Searchcolor : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0265194.dll -> Adware.Searchcolours : Cleaned.
    HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned.
    HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned.
    HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP561\A0256719.dll -> Adware.Virtumonde : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276874.dll -> Adware.Virtumonde : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276875.dll -> Adware.Virtumonde : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276876.dll -> Adware.Virtumonde : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276877.dll -> Adware.Virtumonde : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276878.dll -> Adware.Virtumonde : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276879.dll -> Adware.Virtumonde : Cleaned.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276880.dll -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__a_c_m_s_v_c_._d_l_l_ -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__i_n_e_t_s_y_s_._d_l_l_ -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__m_c_c_m_d_._d_l_l_ -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__m_s_v_c_w_a_v_e_._d_l_l_ -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__n_e_t_a_b_r_._d_l_l_ -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__s_y_s_v_s_s_._d_l_l_ -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\__delete_on_reboot__w_e_b_t_a_p_i_._d_l_l_ -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\tcpiis.dll -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\SYSTEM32\ddcca.dll -> Logger.Agent.hn : Cleaned.
    C:\WINDOWS\SYSTEM32\ssqpq.dll -> Logger.Agent.hn : Cleaned.
    C:\WINDOWS\SYSTEM32\wgxloudr.dll -> Logger.VBStat.d : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\bhskjwsa.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\bmjmcmgr.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\bpmknctb.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\ccfqlplw.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\cfcsjfat.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\dimschbr.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\hdloburc.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\lmnjfaba.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\oyplfcad.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\rniedasr.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\rpeyirom.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\ucmodwfg.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\ygdclvgu.dll -> Logger.VBStat.e : Cleaned.
    C:\Documents and Settings\DanTman\Local Settings\Temp\ymcaogxg.dll -> Logger.VBStat.e : Cleaned.
    C:\WINDOWS\SYSTEM32\cdlmfqiq.dll -> Logger.VBStat.e : Cleaned.
    C:\WINDOWS\SYSTEM32\fisrycjj.dll -> Logger.VBStat.e : Cleaned.
    C:\WINDOWS\SYSTEM32\jasppmpr.dll -> Logger.VBStat.e : Cleaned.
    C:\WINDOWS\SYSTEM32\ewhrmxks.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned.
    C:\WINDOWS\SYSTEM32\inutjjrd.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned.
    C:\WINDOWS\SYSTEM32\rowhlodn.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned.
    C:\WINDOWS\SYSTEM32\xclvcgdr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned.
    C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
     
  9. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP554\A0253197.sys -> Trojan.Agent.ny : Cleaned.
    C:\VundoFix Backups\DP.sys -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\aapvxcnt.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\asvxesyx.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\bwgjnepl.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\dkuhiswo.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\ffybfhsw.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\gfadxhsy.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\kmquygkj.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\oqlpymed.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\xkhdmctj.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\ydvhvscc.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\yhjkxrom.exe -> Trojan.Agent.ny : Cleaned.
    C:\WINDOWS\SYSTEM32\gblkxlia.dll -> Trojan.BHO.g : Cleaned.
    C:\WINDOWS\SYSTEM32\iqmvamlm.dll -> Trojan.BHO.g : Cleaned.
    C:\WINDOWS\SYSTEM32\wwhyptup.dll -> Trojan.BHO.g : Cleaned.
    C:\WINDOWS\SYSTEM32\ftclsnor.dll -> Trojan.Crypt.o : Cleaned.
    C:\WINDOWS\SYSTEM32\ijuftlcy.dll -> Trojan.Crypt.o : Cleaned.
    C:\Documents and Settings\DanTman\Desktop\MPHDowngrader.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Cleaned.
    C:\WINDOWS\SYSTEM32\orqxytoo.exe -> Trojan.Small.ju : Cleaned.
    C:\WINDOWS\SYSTEM32\uismnvyy.exe -> Trojan.Small.ju : Cleaned.


    ::Report end
     
  10. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    Incident Status Location

    Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
    Adware:adware/powerstrip Not disinfected Windows Registry
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\DanTman\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Possible Virus. Not disinfected C:\Documents and Settings\DanTman\Desktop\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
    Virus:Trj/ChampMailer.A Disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\CA8L6VOL.html
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\SYSTEM32\jekkreig.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\jovyfssi.dll
    Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\rhgvweyp.dll
    Possible Virus. Not disinfected C:\WINDOWS\Web\PRINTERS\abkatsk.dll



    OK, there's the 3 reports. I followed your directions from start to finish. Thx, I really appreciate your help. I'm still getting some win anti 2006 popping up and some errors. I'm running the current version of Firefox.
     
  11. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    * Go to Control Panel > Internet Options. On the General tab under
    "Temporary Internet Files" Click "Delete Files". Put a check by "Delete
    Offline Content" and click OK. Click on the "Delete Cookies" button to clear
    the cookies.


    To block cookies in IE.

    Go to view/privacy report/highlight the offending cookie/click summary/
    and choose never allow this site to use cookies/click OK and exit! This
    will block all tracking cookies from being set on your computer!


    For Mozilla

    To block cookies in Mozilla and stop them from coming back, click on
    tools/options/privacy/click view cookies. You will now see a
    list of cookies; click on all the cookies that you don't want
    to keep to delete them! You can view all the blocked cookies by clicking exceptions!


    Clean out your cookies folder!


    C:\Documents and Settings\DanTman\Application Data\Mozilla\Firefox\Profiles\wkgf8xty.default\



    Have HijackThis fix these entries. Close all browsers and programmes before
    clicking FIX.



    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
    O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll



    Double-click on Killbox.exe to run it. Now put a tick by Delete on
    Reboot. In the "Full Path of File to Delete" box, copy and paste each
    of the following lines one at a time, then click on the button that has
    the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file on next reboot. Click
    Yes. It will then ask if you want to reboot now. Click No. Continue
    with that same procedure until you have copied and pasted all of
    these in the "Paste Full Path of File to Delete" box. Then click Yes
    to reboot after you have entered the last one.


    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.



    C:\Program Files\SmileyDistrict\insmile.dll
    C:\Program Files\SmileyDistrict
    C:\Program Files\VSAdd-in
    C:\WINDOWS\SYSTEM32\jekkreig.exe
    C:\WINDOWS\SYSTEM32\jovyfssi.dll
    C:\WINDOWS\SYSTEM32\rhgvweyp.dll
    C:\WINDOWS\Web\PRINTERS\abkatsk.dll




    Go to this site and download these tools, and once you get both
    AdAware SE 1.6 and Spybot, update both of them.

    Set AdAware to do a full system scan and deselect "search for negligible risk
    entries". Click next to start the scan. Delete everything AdAware finds.

    Reboot and now run Spybot.

    Spybot: Search and destroy.

    Delete what Spybot finds marked in red. After updating Spybot, hit the
    immunize button.



    Download Superantispyware.

    http://www.superantispyware.com/


    Once downloaded and installed, update the definitions
    and then run a full system scan and quarantine what it finds!



    All tools can be downloaded at the link below and found on that page!

    . SUPERAntiSpyware
    . SpyBot search and destroy
    . AdAware SE personal


    http://www.majorgeeks.com/downloads31.html


    post another log
     
  12. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    OK, completed all that and here's my logs.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:26:36 PM, on 11/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\DanTman\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2C59D2A3-D418-402A-9521-5231D7092AB4} - (no file)
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {4DB56557-8C43-41A0-A274-D36D131E4D78} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {99C31CA1-A801-49C6-A477-B43FD54A8E30} - C:\WINDOWS\system32\smysrjjv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: acmsvc - C:\WINDOWS\system32\acmsvc.dll (file missing)
    O20 - Winlogon Notify: hrfuwrpg - C:\WINDOWS\SYSTEM32\hrfuwrpg.dll
    O20 - Winlogon Notify: inetsys - C:\WINDOWS\system32\inetsys.dll (file missing)
    O20 - Winlogon Notify: mccmd - C:\WINDOWS\system32\mccmd.dll (file missing)
    O20 - Winlogon Notify: msvcwave - C:\WINDOWS\system32\msvcwave.dll (file missing)
    O20 - Winlogon Notify: netabr - C:\WINDOWS\system32\netabr.dll (file missing)
    O20 - Winlogon Notify: sysvss - C:\WINDOWS\system32\sysvss.dll (file missing)
    O20 - Winlogon Notify: webtapi - C:\WINDOWS\system32\webtapi.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
     
  13. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:56:59 PM 11/7/2006

    + Scan result:



    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276916.dll -> Adware.Aws : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276921.dll -> Adware.BHO : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276920.exe -> Adware.Searchcolor : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276917.dll -> Adware.Virtumonde : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276896.dll -> Logger.Agent.hn : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276897.dll -> Logger.Agent.hn : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276905.dll -> Logger.VBStat.d : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276884.sys -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276885.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276886.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276887.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276888.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276889.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276890.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276891.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276892.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276893.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276894.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276895.exe -> Trojan.Agent.ny : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP602\A0276902.dll -> Trojan.BHO.g : No action taken.


    ::Report end
     
  14. dantman

    dantman Thread Starter

    Joined:
    Nov 5, 2006
    Messages:
    10
    Incident Status Location

    Adware:adware/powerstrip Not disinfected Windows Registry
    Possible Virus. Not disinfected C:\!KillBox\rhgvweyp.dll
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\DanTman\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Possible Virus.


    I had a SmitfraudFix zip on my desktop. I never unzipped it, but I deleted it just now.
     
  15. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    You don't appear to have a firewall. Even if you have a router, you still need
    a software firewall. Download the one from the link below!


    Comodo firewall. Sign up it's free!

    http://www.personalfirewall.trustix.com/


    Threads on comodo!

    http://www.wilderssecurity.com/forumdisplay.php?f=31



    Have HijackThis fix these entries. Close all browsers and programmes before
    clicking FIX.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {2C59D2A3-D418-402A-9521-5231D7092AB4} - (no file)
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {4DB56557-8C43-41A0-A274-D36D131E4D78} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {99C31CA1-A801-49C6-A477-B43FD54A8E30} - C:\WINDOWS\system32\smysrjjv.dll
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O20 - Winlogon Notify: acmsvc - C:\WINDOWS\system32\acmsvc.dll (file missing)
    O20 - Winlogon Notify: hrfuwrpg - C:\WINDOWS\SYSTEM32\hrfuwrpg.dll
    O20 - Winlogon Notify: inetsys - C:\WINDOWS\system32\inetsys.dll (file missing)
    O20 - Winlogon Notify: mccmd - C:\WINDOWS\system32\mccmd.dll (file missing)
    O20 - Winlogon Notify: msvcwave - C:\WINDOWS\system32\msvcwave.dll (file missing)
    O20 - Winlogon Notify: netabr - C:\WINDOWS\system32\netabr.dll (file missing)
    O20 - Winlogon Notify: sysvss - C:\WINDOWS\system32\sysvss.dll (file missing)
    O20 - Winlogon Notify: webtapi - C:\WINDOWS\system32\webtapi.dll (file missing)




    Double-click on Killbox.exe to run it. Now put a tick by Delete on
    Reboot. In the "Full Path of File to Delete" box, copy and paste each
    of the following lines one at a time, then click on the button that has
    the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file on next reboot. Click
    Yes. It will then ask if you want to reboot now. Click No. Continue
    with that same procedure until you have copied and pasted all of
    these in the "Paste Full Path of File to Delete" box. Then click Yes
    to reboot after you have entered the last one.


    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.



    C:\WINDOWS\system32\smysrjjv.dll


    post another log
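
Added example, not part of any post in this thread and not HijackThis code: a Python parser for HijackThis log lines like those posted above that surfaces entries worth a manual review, namely orphaned registrations marked `(no file)` or `(file missing)`, unnamed BHOs loading from system32, and Winlogon Notify DLLs in system32. The reason labels and the system32 heuristics are assumptions of this example and give review candidates, not verdicts; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Excerpt of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C59D2A3-D418-402A-9521-5231D7092AB4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {99C31CA1-A801-49C6-A477-B43FD54A8E30} - C:\WINDOWS\system32\smysrjjv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acmsvc - C:\WINDOWS\system32\acmsvc.dll (file missing)
O20 - Winlogon Notify: hrfuwrpg - C:\WINDOWS\SYSTEM32\hrfuwrpg.dll
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^\s*(?P<code>[A-Z]\d+) - (?P<body>.*\S)\s*$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
SYSTEM32 = r"c:\windows\system32"


class Entry(NamedTuple):
    code: str    # section code, e.g. "O2" (BHO) or "O20" (Winlogon Notify)
    kind: str    # text before the first ": ", e.g. "BHO"
    name: str    # display name, "" when the line has none
    target: str  # last " - " field: file path, URL or "(no file)"


class Finding(NamedTuple):
    reason: str
    entry: Entry


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into fields; return None for non-entry lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kind, _, rest = m.group("body").partition(": ")
    if " - " in rest:
        name = rest.split(" - ", 1)[0]
        target = rest.rsplit(" - ", 1)[1]
    else:
        name, target = "", rest
    return Entry(m.group("code"), kind, name.strip(), target.strip())


def classify(entry: Entry) -> Optional[str]:
    """Return a review reason for the entry, or None (heuristics are assumptions)."""
    if entry.target.endswith(ORPHAN_MARKERS):
        return "orphaned"  # registry entry whose file is already gone
    folder = ntpath.dirname(entry.target.strip('"')).lower()
    if folder == SYSTEM32:
        if entry.code == "O2" and entry.name == "(no name)":
            return "unnamed-bho-system32"
        if entry.code == "O20":
            return "winlogon-notify-system32"
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse a whole log and return the entries that need a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        reason = classify(entry) if entry else None
        if reason:
            findings.append(Finding(reason, entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:26} {f.entry.code:4} {f.entry.target}")
```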
     
Short URL to this thread: https://techguy.org/515908
