Tech Support Forum - View Single Post

Roomba · 10-09-2006, 02:34 PM

Hey,

Again, I appreciate your help. I have ran the scans and the logs are posted below.

The WhenU was not in the Add/Remove list of programs. I did delete the directory and files.

1. Ewido scan report

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:31 06-10-07

+ Scan result:

D:\WINDOWS\SYSTEM\exdl.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\exdl0.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\exul.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\javexulm.vxd -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\mqexdlm.srg -> Adware.BargainBuddy : No action taken.
D:\System Volume Information\_restore{DF188411-83F8-44D3-BF7E-B66E53B83490}\RP617\A0069953.dll -> Adware.SaveNow : No action taken.
D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe/Save.exe -> Adware.SaveNow : No action taken.
D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe/SaveUninst.exe -> Adware.SaveNow : No action taken.
C:\WINDOWS\system32\pmnli.exe -> Downloader.ConHook.ab : No action taken.
D:\NULL -> Downloader.QDown.d : No action taken.
D:\WINDOWS\Cookies\jeff burger@zero.ads360[1].txt -> TrackingCookie.Ads360 : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom10.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom11.zip/jeff burger@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom12.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom13.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom2.zip/jeff burger@advertising[3].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom3.zip/jeff burger@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom4.zip/jeff burger@advertising[4].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom5.zip/jeff burger@servedby.advertising[3].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom6.zip/jeff burger@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom7.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom8.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom9.zip/jeff burger@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip/jeff burger@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc1.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc2.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc3.zip/jeff burger@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc4.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc5.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast.zip/jeff burger@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast1.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast2.zip/jeff burger@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast3.zip/jeff burger@bfast[3].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast4.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast5.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : No action taken.
D:\WINDOWS\Cookies\jeff burger@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
D:\WINDOWS\Cookies\jeff burger@burstnet[3].txt -> TrackingCookie.Burstnet : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[1].txt -> TrackingCookie.Com : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[2].txt -> TrackingCookie.Com : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[4].txt -> TrackingCookie.Com : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics1.zip/jeff burger@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics2.zip/jeff burger@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics3.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics4.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics5.zip/jeff burger@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip/jeff burger@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick1.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick2.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick3.zip/jeff burger@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick4.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick5.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@a-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@a-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick1.zip/jeff burger@fastclick[4].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick2.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick3.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick4.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick5.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick6.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@gamershell[1].txt -> TrackingCookie.Gamershell : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox.zip/jeff burger@ehg-idg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox1.zip/jeff burger@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox10.zip/jeff burger@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox11.zip/jeff burger@ehg-ubisoft.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox12.zip/jeff burger@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox13.zip/jeff burger@ehg-espn.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox14.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox15.zip/jeff burger@ehg-canon.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox16.zip/jeff burger@hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox17.zip/jeff burger@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox18.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox19.zip/jeff burger@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox2.zip/jeff burger@w101.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox20.zip/jeff burger@ehg-paintball.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox21.zip/jeff burger@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox22.zip/jeff burger@ehg-tigerdirect.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox23.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox24.zip/jeff burger@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox25.zip/jeff burger@ehg-newscientist.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox26.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox27.zip/jeff burger@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox28.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox29.zip/jeff burger@ehg-micron.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox3.zip/jeff burger@hg1.hitbox[4].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox30.zip/jeff burger@ehg-mtv.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox31.zip/jeff burger@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox32.zip/jeff burger@ehg-newegg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox33.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox34.zip/jeff burger@ehg-bcstore.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox35.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox4.zip/jeff burger@ehg-bestbuy.hitbox[4].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox5.zip/jeff burger@ehg-dig.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox6.zip/jeff burger@ehg-ubisoft.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox7.zip/jeff burger@ehg-sonicblue.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox8.zip/jeff burger@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox9.zip/jeff burger@ehg-bestbuy.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink.zip/jeff burger@counter.hitslink[3].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink1.zip/jeff burger@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink2.zip/jeff burger@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex.zip/jeff burger@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex1.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex2.zip/jeff burger@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex3.zip/jeff burger@mediaplex[3].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex4.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex5.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : No action taken.
D:\WINDOWS\Cookies\jeff burger@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick1.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick2.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick3.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick4.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick5.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.

::Report end

2. BitDefender scan report

BitDefender Online Scanner

Scan report generated at: Sat, Oct 07, 2006 - 07:16:14

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics

Time
06:37:54

Files
634022

Folders
9012

Boot Sectors
4

Archives
3835

Packed Files
48641

Results

Identified Viruses
4

Infected Files
5

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
5

Engines Info

Virus Definitions
474351

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1
Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua
Detected with: Application.JS.ForcePopup.D

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua
Disinfection failed

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua
Deleted

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua
Detected with: Application.JS.ForcePopup.D

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua
Disinfection failed

C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua
Deleted

C:\WINDOWS\system32\pmnli.exe
Infected with: Trojan.Downloader.Conhook.P

C:\WINDOWS\system32\pmnli.exe
Disinfection failed

C:\WINDOWS\system32\pmnli.exe
Deleted

D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005
Infected with: Trojan.Clicker.Vb.EX

D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005
Disinfection failed

D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005
Deleted

D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)
Update failed

D:\NULL
Infected with: Trojan.Downloader.Qdown.D

D:\NULL
Disinfection failed

D:\NULL
Deleted

3. Your uninstall list

3DMark03
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Elements 3.0
Adobe Premiere Elements 1.0
Adobe Reader 7.0.8
Ahead InCD
ASUS Probe V2.19.07
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Avira AntiVir PersonalEdition Classic
Battlecraft 1942
Battlefield 1942
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield2 Map El Alamein XXL
Bigfoot Networks LagMeter
Canon PIXMA iP6000D
CleanUp!
DC Slovenia Alps
DCXtended .9
DesertCombat 0.7
D-Link AirPlus G Wireless LAN Adapter
Dr. Hardware 2006 7.5.0e
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy CD & DVD Creator 6
EPSON Printer Software
ewido anti-spyware 4.0
Far Cry
FileSpecs plug-in for Ad-Aware SE
First Step Guide
Fraps
GameSpy Arcade
Google Desktop
Google Desktop Plugin - eBay Watcher
Google Toolbar for Internet Explorer
HexDump plug-in for Ad-Aware SE
HijackThis 1.99.1
ImageMixer VCD2
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 7
Lavasoft VX2 Cleaner
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
Media Library Management Wizard
Messenger Control Plugin for Ad-aware
Messenger-Control plug-in for Ad-Aware SE
Microsoft .NET Framework 1.1
Microsoft Office 2000 SR-1 Professional
Morrowind
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (1.0.7)
MSN Music Assistant
Nero - Burning Rom
NVIDIA Windows 2000/XP nForce Drivers
OE Messenger Plugin for Ad-aware
OE/W Messengerctrl plug-in for Ad-Aware SE
Panda ActiveScan
Personal License Update Wizard for Windows Media Player
Picture Package
Plus! MP3 Audio Converter LE
PowerDVD
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Sony USB Driver
Spybot - Search & Destroy 1.3.1 TX
SpywareBlaster v3.5.1
TeamSpeak 2 RC2
TES Construction Set
The Simpsons Hit & Run(TM)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series TweakMP PowerToy
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinPcap 3.1
WinRAR archiver
WinZip
XIII

4. a new HiJackThis log taken after BitDefender finishes.

Logfile of HijackThis v1.99.1
Scan saved at 21:44, on 06-09-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jeff\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

10-09-2006, 02:34 PM	#8 (permalink)
Roomba Registered User Join Date: Sep 2006 Posts: 5 OS: Win XP	Updated scan log files Hey, Again, I appreciate your help. I have ran the scans and the logs are posted below. The WhenU was not in the Add/Remove list of programs. I did delete the directory and files. 1. Ewido scan report --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 00:31 06-10-07 + Scan result: D:\WINDOWS\SYSTEM\exdl.exe -> Adware.BargainBuddy : No action taken. D:\WINDOWS\SYSTEM\exdl0.exe -> Adware.BargainBuddy : No action taken. D:\WINDOWS\SYSTEM\exul.exe -> Adware.BargainBuddy : No action taken. D:\WINDOWS\SYSTEM\javexulm.vxd -> Adware.BargainBuddy : No action taken. D:\WINDOWS\SYSTEM\mqexdlm.srg -> Adware.BargainBuddy : No action taken. D:\System Volume Information\_restore{DF188411-83F8-44D3-BF7E-B66E53B83490}\RP617\A0069953.dll -> Adware.SaveNow : No action taken. D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe/Save.exe -> Adware.SaveNow : No action taken. D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe/SaveUninst.exe -> Adware.SaveNow : No action taken. C:\WINDOWS\system32\pmnli.exe -> Downloader.ConHook.ab : No action taken. D:\NULL -> Downloader.QDown.d : No action taken. D:\WINDOWS\Cookies\jeff burger@zero.ads360[1].txt -> TrackingCookie.Ads360 : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom10.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom11.zip/jeff burger@advertising[1].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom12.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom13.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom2.zip/jeff burger@advertising[3].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom3.zip/jeff burger@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom4.zip/jeff burger@advertising[4].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom5.zip/jeff burger@servedby.advertising[3].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom6.zip/jeff burger@advertising[1].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom7.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom8.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom9.zip/jeff burger@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip/jeff burger@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc1.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc2.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc3.zip/jeff burger@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc4.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc5.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast.zip/jeff burger@bfast[2].txt -> TrackingCookie.Bfast : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast1.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast2.zip/jeff burger@bfast[2].txt -> TrackingCookie.Bfast : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast3.zip/jeff burger@bfast[3].txt -> TrackingCookie.Bfast : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast4.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast5.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken. D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken. D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : No action taken. D:\WINDOWS\Cookies\jeff burger@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken. D:\WINDOWS\Cookies\jeff burger@burstnet[3].txt -> TrackingCookie.Burstnet : No action taken. D:\WINDOWS\Cookies\jeff burger@com[1].txt -> TrackingCookie.Com : No action taken. D:\WINDOWS\Cookies\jeff burger@com[2].txt -> TrackingCookie.Com : No action taken. D:\WINDOWS\Cookies\jeff burger@com[4].txt -> TrackingCookie.Com : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics1.zip/jeff burger@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics2.zip/jeff burger@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics3.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics4.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics5.zip/jeff burger@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip/jeff burger@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick1.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick2.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick3.zip/jeff burger@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick4.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick5.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. D:\WINDOWS\Cookies\jeff burger@a-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken. D:\WINDOWS\Cookies\jeff burger@a-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken. D:\WINDOWS\Cookies\jeff burger@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken. D:\WINDOWS\Cookies\jeff burger@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick1.zip/jeff burger@fastclick[4].txt -> TrackingCookie.Fastclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick2.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick3.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick4.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick5.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick6.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken. D:\WINDOWS\Cookies\jeff burger@gamershell[1].txt -> TrackingCookie.Gamershell : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox.zip/jeff burger@ehg-idg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox1.zip/jeff burger@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox10.zip/jeff burger@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox11.zip/jeff burger@ehg-ubisoft.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox12.zip/jeff burger@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox13.zip/jeff burger@ehg-espn.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox14.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox15.zip/jeff burger@ehg-canon.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox16.zip/jeff burger@hitbox[3].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox17.zip/jeff burger@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox18.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox19.zip/jeff burger@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox2.zip/jeff burger@w101.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox20.zip/jeff burger@ehg-paintball.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox21.zip/jeff burger@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox22.zip/jeff burger@ehg-tigerdirect.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox23.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox24.zip/jeff burger@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox25.zip/jeff burger@ehg-newscientist.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox26.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox27.zip/jeff burger@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox28.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox29.zip/jeff burger@ehg-micron.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox3.zip/jeff burger@hg1.hitbox[4].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox30.zip/jeff burger@ehg-mtv.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox31.zip/jeff burger@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox32.zip/jeff burger@ehg-newegg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox33.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox34.zip/jeff burger@ehg-bcstore.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox35.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox4.zip/jeff burger@ehg-bestbuy.hitbox[4].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox5.zip/jeff burger@ehg-dig.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox6.zip/jeff burger@ehg-ubisoft.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox7.zip/jeff burger@ehg-sonicblue.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox8.zip/jeff burger@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox9.zip/jeff burger@ehg-bestbuy.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink.zip/jeff burger@counter.hitslink[3].txt -> TrackingCookie.Hitslink : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink1.zip/jeff burger@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink2.zip/jeff burger@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex.zip/jeff burger@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex1.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex2.zip/jeff burger@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex3.zip/jeff burger@mediaplex[3].txt -> TrackingCookie.Mediaplex : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex4.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex5.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. D:\WINDOWS\Cookies\jeff burger@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken. D:\WINDOWS\Cookies\jeff burger@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : No action taken. D:\WINDOWS\Cookies\jeff burger@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken. D:\WINDOWS\Cookies\jeff burger@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick1.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick2.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick3.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick4.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken. D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick5.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken. ::Report end 2. BitDefender scan report BitDefender Online Scanner Scan report generated at: Sat, Oct 07, 2006 - 07:16:14 Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\; Statistics Time 06:37:54 Files 634022 Folders 9012 Boot Sectors 4 Archives 3835 Packed Files 48641 Results Identified Viruses 4 Infected Files 5 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 5 Engines Info Virus Definitions 474351 Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38) Scan plugins 13 Archive plugins 38 Unpack plugins 6 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions ; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua Detected with: Application.JS.ForcePopup.D C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua Disinfection failed C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua Deleted C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua Detected with: Application.JS.ForcePopup.D C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua Disinfection failed C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua Deleted C:\WINDOWS\system32\pmnli.exe Infected with: Trojan.Downloader.Conhook.P C:\WINDOWS\system32\pmnli.exe Disinfection failed C:\WINDOWS\system32\pmnli.exe Deleted D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Infected with: Trojan.Clicker.Vb.EX D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Disinfection failed D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005 Deleted D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o) Update failed D:\NULL Infected with: Trojan.Downloader.Qdown.D D:\NULL Disinfection failed D:\NULL Deleted 3. Your uninstall list* 3DMark03 Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Download Manager 2.0 (Remove Only) Adobe Photoshop Elements 3.0 Adobe Premiere Elements 1.0 Adobe Reader 7.0.8 Ahead InCD ASUS Probe V2.19.07 ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Control Panel ATI Display Driver ATI HYDRAVISION Avira AntiVir PersonalEdition Classic Battlecraft 1942 Battlefield 1942 Battlefield 2(TM) Battlefield 2: Special Forces Battlefield2 Map El Alamein XXL Bigfoot Networks LagMeter Canon PIXMA iP6000D CleanUp! DC Slovenia Alps DCXtended .9 DesertCombat 0.7 D-Link AirPlus G Wireless LAN Adapter Dr. Hardware 2006 7.5.0e DVD Decrypter (Remove Only) DVD Shrink 3.2 Easy CD & DVD Creator 6 EPSON Printer Software ewido anti-spyware 4.0 Far Cry FileSpecs plug-in for Ad-Aware SE First Step Guide Fraps GameSpy Arcade Google Desktop Google Desktop Plugin - eBay Watcher Google Toolbar for Internet Explorer HexDump plug-in for Ad-Aware SE HijackThis 1.99.1 ImageMixer VCD2 InterVideo WinDVD iTunes J2SE Runtime Environment 5.0 Update 1 J2SE Runtime Environment 5.0 Update 7 Lavasoft VX2 Cleaner Macromedia Flash Player Macromedia Flash Player 8 Macromedia Shockwave Player Media Library Management Wizard Messenger Control Plugin for Ad-aware Messenger-Control plug-in for Ad-Aware SE Microsoft .NET Framework 1.1 Microsoft Office 2000 SR-1 Professional Morrowind Movie Maker Background Music Files Movie Maker Sound Effects Movie Maker Title Images Mozilla Firefox (1.0.7) MSN Music Assistant Nero - Burning Rom NVIDIA Windows 2000/XP nForce Drivers OE Messenger Plugin for Ad-aware OE/W Messengerctrl plug-in for Ad-Aware SE Panda ActiveScan Personal License Update Wizard for Windows Media Player Picture Package Plus! MP3 Audio Converter LE PowerDVD QuickTime Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB925486) Sony USB Driver Spybot - Search & Destroy 1.3.1 TX SpywareBlaster v3.5.1 TeamSpeak 2 RC2 TES Construction Set The Simpsons Hit & Run(TM) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Media Bonus Pack for Windows XP Windows Media Format Runtime Windows Media Player 10 Windows Media Player 9 Series TweakMP PowerToy Windows Media Player Playlist Import to Excel Wizard Windows Media Player Skin Importer Windows Media Player Tray Control Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 WinPcap 3.1 WinRAR archiver WinZip XIII 4. a new HiJackThis log taken after BitDefender finishes. Logfile of HijackThis v1.99.1 Scan saved at 21:44, on 06-09-24 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\Jeff\My Documents\Unzipped\hijackthis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe