WinAntiVirus killing me, please help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sspeedracer

Thread Starter
Joined
Jan 15, 2007
Messages
17
If anyone can help I'd appreciate it. Seems that my laptop is infected and showing the typical symptoms... popups and attempted access (blocked via s/w firewall). Please help me understand what steps to take.

Appreciate your help.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!


Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

sspeedracer

Thread Starter
Joined
Jan 15, 2007
Messages
17
Appreciate the quick reply.



Logfile of HijackThis v1.99.1
Scan saved at 7:27:29 AM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: %ur|
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\ychkhpgu.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - WWW. Prefix: http://ehttp.cc/?
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download the Hoster and unzip it to your desktop.
www.funkytoad.com/download/hoster.zip
Next, open the Hoster
Make sure that you see "Your hosts file is editable" if not click the button in the upper right corner.
Now, click on 'back up Host files'
then click on 'Restore Microsoft's orginal host files'
Finally, close the hoster.


Download this tool
http://www.mvps.org/winhelp2002/DelDomains.inf
Right click on the file and choose install.


Run HJT again and put a check in the following:

O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\ychkhpgu.dll",setvm
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab

Close all applications and browser windows before you click "fix checked".



Click Here and download Killbox and save it to your desktop.



Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
Copy the following list of files to clipboard, CTRL+C to copy

C:\WINDOWS\System32\CSRSSW.EXE
C:\WINDOWS\System32\ychkhpgu.dll
C:\Program Files\VSAdd-in


Now in Killbox go to File, Paste from clipboard.
Click the All Files button.
Click on the button that has the red circle with the X in the middle.
It will ask for confimation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.





Download and install AVG Anti-Spyware 7.5 AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update succesfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
 

sspeedracer

Thread Starter
Joined
Jan 15, 2007
Messages
17
Thanks.

I was unable to delete C:\WINDOWS\System32\CSRSSW.EXE , Killbox would not allow me to paste. Everything else went per your instructions.

Here is the AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:33:02 AM 1/16/2007

+ Scan result:



C:\temp\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1811DDD-4447-407E-94BB-1862EAE864D1}\RP607\A0100723.EXE -> Adware.Background : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WTLBAss.VDOMP -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WTLBAss.VDOMP.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WTLBAss.VDOMP\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WTLBAss.VDOMP\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\stoolbd.dll -> Adware.FastLook : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\VSToolbar\VSToolBar.dll -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pijovylf.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\scdbbryn.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\java\classes\nifoars.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtstt.dll -> Downloader.ConHook.q : Cleaned with backup (quarantined).
C:\bla.exe -> Downloader.Small.aaq : Cleaned with backup (quarantined).
C:\cleol23oad.exe -> Hijacker.Small.ma : Cleaned with backup (quarantined).
C:\medsload.exe -> Hijacker.Small.ma : Cleaned with backup (quarantined).
C:\WINDOWS\WTLBUI.exe -> Hijacker.StartPage.ig : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jvrmbwcj.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rdqxpmuj.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wmmgcdtu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.104:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.103:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.105:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.111:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.112:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.117:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.53:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.49:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.78:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.79:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.81:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.129:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.132:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.192:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.193:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.194:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.195:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.52:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.92:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.93:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.142:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.143:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.144:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.145:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.146:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.140:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.141:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.107:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.108:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.109:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.110:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.133:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.134:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.135:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.136:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.137:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.138:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.139:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.100:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.101:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.102:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.82:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.83:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.84:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.85:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.86:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.87:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.88:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.89:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.91:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.94:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.95:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.96:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.97:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.98:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.99:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.224:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.225:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.226:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.227:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.228:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.229:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.168:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.169:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.170:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.171:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\DP.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\system32\geoemgyx.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\system32\brxynkfc.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kowspxpj.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mvluocnc.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nixqodme.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).


::Report end
 

sspeedracer

Thread Starter
Joined
Jan 15, 2007
Messages
17
I gave it a few days before replying just to make sure nothing popped up. So far nothing!

Thanks, I'm going to investigate your donation link.
 

sspeedracer

Thread Starter
Joined
Jan 15, 2007
Messages
17
Lots of crap running on this computer. Guess thats what happens when 4 people use it regularly.

Logfile of HijackThis v1.99.1
Scan saved at 10:49:59 PM, on 1/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\nmjfvwle.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 

sspeedracer

Thread Starter
Joined
Jan 15, 2007
Messages
17
Logfile of HijackThis v1.99.1
Scan saved at 9:21:17 PM, on 1/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\Real\REALPL~1\trueplay.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll (file missing)
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

sspeedracer

Thread Starter
Joined
Jan 15, 2007
Messages
17
VundoFix V6.3.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 9:09:53 PM 1/25/2007

Listing files found while scanning....

C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\java\classes\nifoars.dll
C:\WINDOWS\java\classes\sraofin.bak1
C:\WINDOWS\java\classes\sraofin.bak2
C:\WINDOWS\java\classes\sraofin.ini
C:\WINDOWS\java\classes\sraofin.tmp
C:\WINDOWS\System32\alrwberq.dll
C:\WINDOWS\system32\bajpcuik.dll
C:\WINDOWS\System32\brxynkfc.dll
C:\WINDOWS\system32\cpkcrxwu.dll
C:\WINDOWS\system32\elwvfjmn.ini
C:\WINDOWS\system32\fckhnnlo.dll
C:\WINDOWS\System32\gadabspx.dll
C:\WINDOWS\system32\gjygaqnp.dll
C:\WINDOWS\system32\khnelfeg.dll
C:\WINDOWS\System32\kowspxpj.dll
C:\WINDOWS\System32\mvluocnc.dll
C:\WINDOWS\system32\nmjfvwle.dll
C:\WINDOWS\System32\pndiujjj.dll
C:\WINDOWS\system32\qgsxgtic.exe

Beginning removal...

Attempting to delete C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\sraofin.bak1
C:\WINDOWS\java\classes\sraofin.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\sraofin.bak2
C:\WINDOWS\java\classes\sraofin.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\sraofin.ini
C:\WINDOWS\java\classes\sraofin.ini Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\sraofin.tmp
C:\WINDOWS\java\classes\sraofin.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\alrwberq.dll
C:\WINDOWS\System32\alrwberq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bajpcuik.dll
C:\WINDOWS\system32\bajpcuik.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cpkcrxwu.dll
C:\WINDOWS\system32\cpkcrxwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\elwvfjmn.ini
C:\WINDOWS\system32\elwvfjmn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fckhnnlo.dll
C:\WINDOWS\system32\fckhnnlo.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\gadabspx.dll
C:\WINDOWS\System32\gadabspx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjygaqnp.dll
C:\WINDOWS\system32\gjygaqnp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khnelfeg.dll
C:\WINDOWS\system32\khnelfeg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmjfvwle.dll
C:\WINDOWS\system32\nmjfvwle.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\pndiujjj.dll
C:\WINDOWS\System32\pndiujjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgsxgtic.exe
C:\WINDOWS\system32\qgsxgtic.exe Has been deleted!

Performing Repairs to the registry.
Done!
 

sspeedracer

Thread Starter
Joined
Jan 15, 2007
Messages
17
Logfile of HijackThis v1.99.1
Scan saved at 7:26:41 PM, on 1/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\Real\REALPL~1\trueplay.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll (file missing)
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll (file missing)
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)

Close all applications and browser windows before you click "fix checked".


Restart the machine.

Run Panda ActiveScan here

Once you are on the Panda site click the "Scan your PC" button.
A new window will open... click the "Check Now" button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address.
Select either Home User or Company.
Click the big "Scan Now" button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
When download is complete, click on "Local Disks" to start the scan.
When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.

Post a new HiJack This log along with the results from ActiveScan.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top