1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Need help with WinAntivirusPro PLEASE

Discussion in 'Virus & Other Malware Removal' started by r8rfnatc, Feb 1, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    Well I thought I had this computer cleaned up but as I try to get online I start getting popups trying to install WinAntivirusPro2007. I did not let it install but this keeps happening ..... Here's the HJT log ... Thanks in advance for your help!

    Logfile of HijackThis v1.99.1
    Scan saved at 6:28:20 PM, on 2/1/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Anthony Boynton\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\RunOnce: [RemovestgStuffIt] cmd.exe /c del /Q "C:\Program Files\Allume\StuffIt\StuffIt.stg"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169176415421
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab

    O20 - AppInit_DLLs:


    Reboot.

    Download WinPFind.exe to your desktop and double click on it open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

    Start in Safe Mode Using the F8 method:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

    • Click “Configure scan options”
    • Under “Run AdOns” select the following:
      • Policies.def
      • Security.def
    • Click “apply”
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new Hijack This log.
     
  3. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    I've run the WinPFind numorous times and it will not finish scanning. I've left it on even overnight to make sure I was giving it enough time but it just gets to a certain point & freezes up. Any suggestions?
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Does that happen in Normal Mode too
     
  5. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    I tried both Safe Mode and Normal Mode
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Okay skip that and do this instead

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  7. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    When I went online to do this scan DriveCleaner tried to reinstall on the computer again. Here is the activescan report.



    Incident Status Location

    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][1].txt
    Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\Anthony Boynton\Local Settings\Temporary Internet Files\Content.IE5\UPZWTGVI\installdrivecleanerstart[1].cab[UDC6_0001_D19M1908NetInstaller.exe]
    Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D19M1908NetInstaller.exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S2507NetInstaller.exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS7_0001_N91M1112NetInstaller.exe
    Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6_0001_D19M1908NetInstaller.exe
    Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe
    Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab

    Reboot and post another Hijack This log please.
     
  9. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    I hope i'm not being stupid here but I can't get the Ctrl+C to copy or the Ctrl+V to paste ... am I doing something wrong?
     
  10. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    Nevermind I got it to work. I'll post the log as soon as it's done.
     
  11. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\itclgnsi

    *******************

    Script file located at: \??\C:\WINDOWS\gbdsbiyc.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.1 not found!
    Deletion of folder C:\WINDOWS\Downloaded Program Files\CONFLICT.1 failed!

    Could not process line:
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1
    Status: 0xc0000034



    Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.2 not found!
    Deletion of folder C:\WINDOWS\Downloaded Program Files\CONFLICT.2 failed!

    Could not process line:
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2
    Status: 0xc0000034



    File C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe not found!
    Deletion of file C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe failed!

    Could not process line:
    C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe
    Status: 0xc0000034



    File C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe not found!
    Deletion of file C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe failed!

    Could not process line:
    C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe
    Status: 0xc0000034



    File C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe not found!
    Deletion of file C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe failed!

    Could not process line:
    C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
    Status: 0xc0000034



    File C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe not found!
    Deletion of file C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe failed!

    Could not process line:
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
    Status: 0xc0000034



    File C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe not found!
    Deletion of file C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe failed!

    Could not process line:
    C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
    Status: 0xc0000034



    File C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe not found!
    Deletion of file C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe failed!

    Could not process line:
    C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N91M1112NetInstaller.exe
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.
     
  12. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    Logfile of HijackThis v1.99.1
    Scan saved at 9:14:18 PM, on 2/5/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Anthony Boynton\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~2\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169176415421
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    How are things now
     
  14. r8rfnatc

    r8rfnatc Thread Starter

    Joined:
    Jan 13, 2006
    Messages:
    43
    I have been surfing the net today with no problems. Then I did a scan with AVG Anti-Spyware. (Report Below) It still showed a bunch of spyware. Should I be concerened?
    WinAntiVirusPro was one of them. I still have not had any popups or attacks happen though.


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:22:00 PM 2/6/2007

    + Scan result:



    C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045580.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045494.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045495.dll -> Adware.Systemdoctor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045496.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045497.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP356\A0045600.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Adware.WebSearch : Error during cleaning.
    C:\Program Files\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034728.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034729.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034730.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034731.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034732.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034795.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034796.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034798.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034800.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034801.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034802.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034803.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034805.ini -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034806.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034808.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034809.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034810.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034811.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034846.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034847.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034851.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034852.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034853.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034854.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034855.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034856.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045535.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045536.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045537.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045538.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045539.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045541.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045542.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045543.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045544.ini -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045547.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045554.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045555.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045558.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045559.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045560.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP355\A0045561.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKU\S-1-5-21-202323283-1119835325-3185786132-1006\Software\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKU\S-1-5-21-202323283-1119835325-3185786132-1006\Software\WinAntiVirus Pro 2006\Settings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP356\A0045599.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0035237.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034725.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034726.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP356\A0045602.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP356\A0045603.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047805.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047809.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047811.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/CONFLICT.1/UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/CONFLICT.2/UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
    C:\Documents and Settings\Anthony Boynton\Local Settings\Temp\ICD1.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047806.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047807.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047808.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047812.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047814.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047815.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047816.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/CONFLICT.1/UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/CONFLICT.1/UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/CONFLICT.1/UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/UWAS7_0001_N91M1112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP358\A0047813.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
    C:\avenger\backup-Mon 02.05.2007-21.03.43.35.zip/avenger/USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034857.exe -> Not-A-Virus.NetTool.Win32.Sniffer.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Anthony Boynton\Cookies\anthony [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034727.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP337\A0034724.ocm -> Worm.AimVen : Cleaned with backup (quarantined).


    ::Report end
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Find and delete this fodler: C:\Program Files\Common Files\WinAntiVirus Pro 2006

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/540364

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice