Hi, I'll stick to facts:
1. Had the XP Antivirus 2008
2. Symantec helped me get it off
3. IE still disconnecting for a few seconds then on
4. Tried reinstalling IE6. Oh, my system is an XP Media Center Edition version 2002 with Service Pack 2 on a Dell Dimension 8400
5. Couldn't find the IEXPLORE.EXE file
6. Installed IE 7 and the updates
7. IE still disconnecting for a few seconds then on, but much better
8. Went back and did the steps.
9. Active scan said I have 5 hacktools, 3 viruses, 4 dialers, 3-4 malware and 42 cookies, many of which are from my old hard drive, which is a file on my main drive. Actually there are 3 of the old hard drives. Next time I promise I'll do a clean install.
10. I get unwanted pop-up advertising, and when I am playing cards a radio broadcast comes on for a bit or tries to
11. If I leave the machine on for the night, in the morning it will be locked up 3 programs on it.
12. So here is the Panda log and the Deckard system scan.
Deckard's System Scanner v20071014.68
Run by Jim on 2008-03-13 13:05:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
77: 2008-03-13 18:05:57 UTC - RP614 - Deckard's System Scanner Restore Point
76: 2008-03-12 08:00:25 UTC - RP613 - Software Distribution Service 3.0
75: 2008-03-11 19:17:35 UTC - RP612 - System Checkpoint
74: 2008-03-10 09:38:23 UTC - RP611 - Installed Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
73: 2008-03-09 22:45:24 UTC - RP610 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-12-14 23:49:22 UTC - RP538 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jim.exe) -------------------------------------------------
Unable to run HijackThis; The system cannot find the file specified.
Path: C:\Program Files\Jim.exe
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-13 13:10:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
C:\WINDOWS\SYSTEM32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\EHOME\ehRecvr.exe
C:\WINDOWS\EHOME\ehSched.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\Documents and Settings\Jim\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rangenet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - Startup: WordWeb.lnk = ?
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: IE Zoom &In - C:\OLDCOM~1\DDRIVE~1\PROGRA~1\iezoomer\IE Zoom In.htm
O8 - Extra context menu item: IE Zoom O&ut - C:\OLDCOM~1\DDRIVE~1\PROGRA~1\iezoomer\IE Zoom Out.htm
O8 - Extra context menu item: IE Zoomer Help... - C:\OLDCOM~1\DDRIVE~1\PROGRA~1\iezoomer\IE Zoomer Help.htm
O8 - Extra context menu item: Open in IE &Zoomer - C:\OLDCOM~1\DDRIVE~1\PROGRA~1\iezoomer\Open in IE Zoomer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\old computer\d drive\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\old computer\d drive\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\bodog\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Ancient Tripeaks Solitaire\Images\stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_66.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_24.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131976812000
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_39.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/eng/domino_2_0_0_25.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} () - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL
O21 - SSODL: alofkmn - {998EB8C3-9517-40AF-8F30-7914236E97A8} - (no file)
O21 - SSODL: AlrtPrx - {31964550-083e-4acb-a969-fc78e8d776c5} - C:\WINDOWS\Installer\{31964550-083e-4acb-a969-fc78e8d776c5}\AlrtPrx.dll
O21 - SSODL: VolumeService - {26352b92-d605-45e1-b0fa-fb5fb5052ee9} - C:\WINDOWS\Installer\{26352b92-d605-45e1-b0fa-fb5fb5052ee9}\VolumeService.dll
O21 - SSODL: UnknownRam - {2a8e3c1d-cb21-4a93-a34d-985645e32b95} - C:\WINDOWS\Installer\{2a8e3c1d-cb21-4a93-a34d-985645e32b95}\UnknownRam.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
--
End of file - 14974 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Diskeeper - "c:\program files\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Wave Audio Mixer
Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Wave Audio Mixer
PNP Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: kmixer
-- Scheduled Tasks -------------------------------------------------------------
2008-03-13 12:34:34 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-13 12:33:41 434 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-13 12:17:10 368 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-03-11 03:13:34 552 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jim.job
2008-03-10 12:45:00 288 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
-- Files created between 2008-02-13 and 2008-03-13 -----------------------------
2008-03-13 13:09:02 0 d-------- C:\Program Files\Ihijackcheck <IHIJAC~1>
2008-03-12 05:15:08 0 d-------- C:\ie-spyad_zo
2008-03-12 01:22:31 0 d-------- C:\Program Files\IESPY
2008-03-12 01:02:03 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-03-12 00:49:23 0 d-------- C:\Program Files\SpywareBlaster <SPYWAR~1>
2008-03-11 21:37:44 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-11 21:08:39 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-10 04:38:28 0 d-------- C:\Program Files\Pro Imaging Powertoys <PROIMA~1>
2008-03-10 04:38:28 0 d-------- C:\Program Files\Common Files\Nikon
2008-03-10 04:33:20 0 d-------- C:\Program Files\rawviewersetup <RAWVIE~1>
2008-03-09 23:43:59 0 d-------- C:\Documents and Settings\Jim\Application Data\Otto
2008-03-09 23:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Otto
2008-03-09 17:35:02 0 d-------- C:\Program Files\Windows Defender <WIFD1F~1>
2008-03-09 17:07:30 0 d-------- C:\WINDOWS\network diagnostic
2008-03-09 11:43:07 0 d-------- C:\Program Files\TOOLBARCOP <TOOLBA~2>
2008-03-09 11:40:56 0 d-------- C:\Program Files\toolbarcop[1] <TOOLBA~1>
2008-03-09 09:53:06 0 d-------- C:\Program Files\DoubleSix <DOUBLE~1>
2008-03-09 09:42:48 0 d-------- C:\Program Files\WinGames.Inc
2008-03-09 09:21:54 626688 --a------ C:\WINDOWS\wweb32.dll <Not Verified; Antony Lewis; WordWeb>
2008-03-09 09:21:54 0 d-------- C:\Program Files\WordWeb
2008-03-09 04:39:15 0 d-------- C:\HJT
2008-03-07 03:50:28 0 d-------- C:\Program Files\Trend Micro <TRENDM~1>
2008-03-06 23:41:30 0 d-------- C:\Program Files\ACW
2008-03-05 01:32:41 0 d-------- C:\WINDOWS\system32\bits
2008-03-03 15:10:29 0 d-------- C:\Program Files\RegCure
2008-03-03 15:07:29 0 d-------- C:\Program Files\RegistryCleanFix2008 <REGIST~1>
2008-02-29 09:21:04 0 d-------- C:\Documents and Settings\Jim\Application Data\Mozilla
2008-02-27 19:22:32 0 d-------- C:\WINDOWS\CSC
2008-02-16 12:10:34 20 --a------ C:\WINDOWS\system32\SYSTEM
2008-02-16 06:23:46 0 d-------- C:\Documents and Settings\Jim\AbiSuite
2008-02-15 01:55:28 0 d-------- C:\Program Files\Common Files\xing shared
-- Find3M Report ---------------------------------------------------------------
2008-03-13 12:28:05 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2008-03-13 12:28:05 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2008-03-11 22:45:45 0 d-------- C:\Program Files\QuickTime <QUICKT~1>
2008-03-11 22:45:36 0 d-------- C:\Program Files\Norton SystemWorks <NORTON~1>
2008-03-11 22:45:28 0 d-------- C:\Program Files\Norton AntiVirus <NORTON~2>
2008-03-11 22:44:13 0 d-------- C:\Program Files\Microsoft ActiveSync <MICROS~4>
2008-03-11 22:37:28 0 d-------- C:\Program Files\DellSupport <DELLSU~1>
2008-03-11 22:36:11 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-10 04:38:28 0 d-------- C:\Program Files\Common Files <COMMON~1>
2008-03-10 03:03:16 320064 --a------ C:\Program Files\Image Resizer Powertoy for Windows XP.msi <IMAGER~1.MSI>
2008-03-09 12:41:57 0 d-------- C:\Program Files\WinAce 2.6 <WINACE~1.6>
2008-03-09 09:54:17 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-09 09:30:27 0 d-------- C:\Program Files\POKERROOM <POKERR~2>
2008-03-06 19:32:25 6656 --ahs---- C:\Program Files\Thumbs.db
2008-03-05 21:34:12 0 d-------- C:\Documents and Settings\Jim\Application Data\Chessmaster Challenge <CHESSM~1>
2008-03-05 21:19:31 0 d-------- C:\Program Files\Java
2008-03-03 01:05:02 1000 --a------ C:\Program Files\UltimateBet.dat <ULTIMA~1.DAT>
2008-03-03 01:00:58 0 d-------- C:\Program Files\Update
2008-02-17 22:23:18 0 d-------- C:\Program Files\Sonic
2008-02-16 08:11:49 0 d-------- C:\Program Files\PokerRewardsCalculator <POKERR~1>
2008-02-15 01:55:23 0 d-------- C:\Program Files\Real
2008-02-15 01:55:05 0 d-------- C:\Program Files\Common Files\Real
2008-02-11 03:36:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-10 21:25:23 0 d-------- C:\Documents and Settings\Jim\Application Data\Adobe
2008-01-31 23:21:30 0 d-------- C:\Program Files\Symantec
2008-01-27 02:14:02 37232 --a------ C:\Program Files\INSTALL.LOG
2008-01-26 06:35:56 0 d-------- C:\Program Files\Holdem Genius <HOLDEM~1>
2008-01-26 04:12:10 0 d-------- C:\Documents and Settings\Jim\Application Data\Symantec
2008-01-26 03:50:49 0 d-------- C:\Program Files\Windows Sidebar <WICC9F~1>
2008-01-25 21:45:10 0 d-------- C:\Program Files\DIGStream <DIGSTR~1>
2008-01-14 02:43:21 0 d-------- C:\Documents and Settings\Jim\Application Data\AdobeUM
2008-01-13 22:56:59 0 d-------- C:\Documents and Settings\Jim\Application Data\HPAppData
2008-01-06 01:49:23 147616 --a------ C:\WINDOWS\hpoins21.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 05:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 05:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/30/2008 10:40 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/11/2004 05:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [02/12/2007 02:37 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00 AM]
"CTHelper"="CTHELPER.EXE" [03/11/2004 09:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 04:54 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 01:01 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 10:34 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/31/2008 02:15 PM]
"NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [09/18/2007 09:22 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 11:53 PM]
"NortonAntiBot"="C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [11/12/2007 11:59 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/15/2008 01:54 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 06:33 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/12/2005 06:03 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"SBAutoUpdate"="C:\Program Files\SpywareBlaster\sbautoupdate.exe" [02/28/2008 09:58 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [04/22/2003 05:43 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\
DESKTOP.INI [8/19/2004 4:07:20 PM]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [3/9/2008 9:21:55 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/19/2004 4:07:20 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AlrtPrx"= {31964550-083e-4acb-a969-fc78e8d776c5} - C:\WINDOWS\Installer\{31964550-083e-4acb-a969-fc78e8d776c5}\AlrtPrx.dll [02/27/2008 05:26 AM 17958]
"VolumeService"= {26352b92-d605-45e1-b0fa-fb5fb5052ee9} - C:\WINDOWS\Installer\{26352b92-d605-45e1-b0fa-fb5fb5052ee9}\VolumeService.dll [02/27/2008 05:27 AM 17958]
"UnknownRam"= {2a8e3c1d-cb21-4a93-a34d-985645e32b95} - C:\WINDOWS\Installer\{2a8e3c1d-cb21-4a93-a34d-985645e32b95}\UnknownRam.dll [02/27/2008 05:27 AM 17958]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
-- End of Deckard's System Scanner: finished at 2008-03-13 13:11:48 ------------
Incident Status Location
Adware:adware/cws Not disinfected C:\Documents and Settings\Jim\Favorites\HEALTH
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-7e8cace4[MagicApplet.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-7e8cace4[OwnClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv719.jar-3b008a5b-66945ba6.zip[Matrix.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jim\Cookies\jim@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jim\Cookies\jim@doubleclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Jim\Cookies\jim@enhance[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Jim\Cookies\jim@findwhat[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Jim\Cookies\jim@linksynergy[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jim\Cookies\jim@overture[1].txt
Dialer:Dialer.B Not disinfected C:\old computer\c drive\olddrivec\WINDOWS\Downloaded Program Files\DHTMLAccess.inf
Virus:Generic Malware Disinfected C:\old computer\c drive\Program Files\WildTangent\Components\wtPropertyBag0200.dll
Spyware:Cookie/Advertising Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.com.com/]
Spyware:Cookie/Apmebf Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[server.iad.liveperson.net/hc/60960915]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[server.iad.liveperson.net/hc/60960915]
Spyware:Cookie/Linksynergy Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Yadro Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Overture Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/SpyLog Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.spylog.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[statse.webtrendslive.com/dcsxftufsqljwpctboanuub44_6r8o]
Spyware:Cookie/Kount Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.kount.com/]
Spyware:Cookie/FastClick Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[server.iad.liveperson.net/hc/5574]
Spyware:Cookie/Golden Palace Online Casino Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[www.goldenpalace.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Atwola Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.atwola.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Bfast Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Falkag Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.as-us.falkag.net/]
Adware:Adware/Coupons Not disinfected C:\old computer\c drive\WINDOWS\cpbrkpie.ocx
Virus:Generic Malware Disinfected C:\old computer\d drive\my downloads 2\AGSetup0609.exe
Potentially unwanted tool:Application/MyWay Not disinfected C:\old computer\d drive\Program Files\Audiogalaxy Satellite\ui.dll
Dialer:Dialer.YC Not disinfected C:\old computer\d drive\Spybot - Search & Destroy 1.1\Recovery\AllInOneTelcom4.zip[nsupd9x.inf]
Virus:Generic Malware Disinfected F:\olddrivec\WINDOWS\WT\wtupdates\wtwebdriver\FILES\3.1.0.037\NPWTHOST.DLL
Dialer:Dialer.Gen Not disinfected F:\olddrivec\WINDOWS\SYSTEM\Desire-uninstall.exe
Dialer:Dialer.B Not disinfected F:\olddrivec\WINDOWS\Downloaded Program Files\DHTMLAccess.inf
Adware:Adware/Trymedia Not disinfected F:\Domino gold\Domino-WinSetupRls-dm.exe
Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Your password
Hacktool:Exploit/iFrame Not disinfected Local Folders\Inbox\Your password
1. Had the xpantirus 2008
2. Symantic helped me get it off
3. IE still disconecting for a few seconds then on
4. tried reinstalling IE6 oh, my system is a XP media center edition version
2002 with service pack 2 on a dell dimension 8400
5 couldn't find the IEXPLORE.EXE file
6 installed IE 7 and the updates
7. IE still disconecting for a few seconds then on but much better
8. went back and did the steps.
9. active scan said I have 5 hacktools 3 viruses 4 dialers 3-4 malware
and 42 cookieies. many of whom are from my old hard drive which is a
file on my may drive. Actually there are 3 of the old hard drives. Next
time I promise I'll do a clean install.
10 I get unwanted pop up advertising and when I am playing cards a radio
broadcast comes on for a bit or tries to
11 If I leave the machine on for the night in the morning it will be locked up
3 programs on it.
12 so here is the panda log and the deckard system scan.
Deckard's System Scanner v20071014.68
Run by Jim on 2008-03-13 13:05:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
77: 2008-03-13 18:05:57 UTC - RP614 - Deckard's System Scanner Restore Point
76: 2008-03-12 08:00:25 UTC - RP613 - Software Distribution Service 3.0
75: 2008-03-11 19:17:35 UTC - RP612 - System Checkpoint
74: 2008-03-10 09:38:23 UTC - RP611 - Installed Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
73: 2008-03-09 22:45:24 UTC - RP610 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-12-14 23:49:22 UTC - RP538 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jim.exe) -------------------------------------------------
Unable to run HijackThis; The system cannot find the file specified.
Path: C:\Program Files\Jim.exe
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-13 13:10:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
C:\WINDOWS\SYSTEM32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\EHOME\ehRecvr.exe
C:\WINDOWS\EHOME\ehSched.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\Documents and Settings\Jim\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rangenet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - Startup: WordWeb.lnk = ?
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: IE Zoom &In - C:\OLDCOM~1\DDRIVE~1\PROGRA~1\iezoomer\IE Zoom In.htm
O8 - Extra context menu item: IE Zoom O&ut - C:\OLDCOM~1\DDRIVE~1\PROGRA~1\iezoomer\IE Zoom Out.htm
O8 - Extra context menu item: IE Zoomer Help... - C:\OLDCOM~1\DDRIVE~1\PROGRA~1\iezoomer\IE Zoomer Help.htm
O8 - Extra context menu item: Open in IE &Zoomer - C:\OLDCOM~1\DDRIVE~1\PROGRA~1\iezoomer\Open in IE Zoomer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\old computer\d drive\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\old computer\d drive\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\bodog\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Ancient Tripeaks Solitaire\Images\stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_66.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_24.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131976812000
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_39.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/eng/domino_2_0_0_25.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} () - file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL
O21 - SSODL: alofkmn - {998EB8C3-9517-40AF-8F30-7914236E97A8} - (no file)
O21 - SSODL: AlrtPrx - {31964550-083e-4acb-a969-fc78e8d776c5} - C:\WINDOWS\Installer\{31964550-083e-4acb-a969-fc78e8d776c5}\AlrtPrx.dll
O21 - SSODL: VolumeService - {26352b92-d605-45e1-b0fa-fb5fb5052ee9} - C:\WINDOWS\Installer\{26352b92-d605-45e1-b0fa-fb5fb5052ee9}\VolumeService.dll
O21 - SSODL: UnknownRam - {2a8e3c1d-cb21-4a93-a34d-985645e32b95} - C:\WINDOWS\Installer\{2a8e3c1d-cb21-4a93-a34d-985645e32b95}\UnknownRam.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
--
End of file - 14974 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Diskeeper - "c:\program files\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Wave Audio Mixer
Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Wave Audio Mixer
PNP Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: kmixer
-- Scheduled Tasks -------------------------------------------------------------
2008-03-13 12:34:34 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-13 12:33:41 434 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-13 12:17:10 368 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-03-11 03:13:34 552 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jim.job
2008-03-10 12:45:00 288 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
-- Files created between 2008-02-13 and 2008-03-13 -----------------------------
2008-03-13 13:09:02 0 d-------- C:\Program Files\Ihijackcheck <IHIJAC~1>
2008-03-12 05:15:08 0 d-------- C:\ie-spyad_zo
2008-03-12 01:22:31 0 d-------- C:\Program Files\IESPY
2008-03-12 01:02:03 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-03-12 00:49:23 0 d-------- C:\Program Files\SpywareBlaster <SPYWAR~1>
2008-03-11 21:37:44 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-11 21:08:39 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-10 04:38:28 0 d-------- C:\Program Files\Pro Imaging Powertoys <PROIMA~1>
2008-03-10 04:38:28 0 d-------- C:\Program Files\Common Files\Nikon
2008-03-10 04:33:20 0 d-------- C:\Program Files\rawviewersetup <RAWVIE~1>
2008-03-09 23:43:59 0 d-------- C:\Documents and Settings\Jim\Application Data\Otto
2008-03-09 23:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Otto
2008-03-09 17:35:02 0 d-------- C:\Program Files\Windows Defender <WIFD1F~1>
2008-03-09 17:07:30 0 d-------- C:\WINDOWS\network diagnostic
2008-03-09 11:43:07 0 d-------- C:\Program Files\TOOLBARCOP <TOOLBA~2>
2008-03-09 11:40:56 0 d-------- C:\Program Files\toolbarcop[1] <TOOLBA~1>
2008-03-09 09:53:06 0 d-------- C:\Program Files\DoubleSix <DOUBLE~1>
2008-03-09 09:42:48 0 d-------- C:\Program Files\WinGames.Inc
2008-03-09 09:21:54 626688 --a------ C:\WINDOWS\wweb32.dll <Not Verified; Antony Lewis; WordWeb>
2008-03-09 09:21:54 0 d-------- C:\Program Files\WordWeb
2008-03-09 04:39:15 0 d-------- C:\HJT
2008-03-07 03:50:28 0 d-------- C:\Program Files\Trend Micro <TRENDM~1>
2008-03-06 23:41:30 0 d-------- C:\Program Files\ACW
2008-03-05 01:32:41 0 d-------- C:\WINDOWS\system32\bits
2008-03-03 15:10:29 0 d-------- C:\Program Files\RegCure
2008-03-03 15:07:29 0 d-------- C:\Program Files\RegistryCleanFix2008 <REGIST~1>
2008-02-29 09:21:04 0 d-------- C:\Documents and Settings\Jim\Application Data\Mozilla
2008-02-27 19:22:32 0 d-------- C:\WINDOWS\CSC
2008-02-16 12:10:34 20 --a------ C:\WINDOWS\system32\SYSTEM
2008-02-16 06:23:46 0 d-------- C:\Documents and Settings\Jim\AbiSuite
2008-02-15 01:55:28 0 d-------- C:\Program Files\Common Files\xing shared
-- Find3M Report ---------------------------------------------------------------
2008-03-13 12:28:05 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2008-03-13 12:28:05 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2008-03-11 22:45:45 0 d-------- C:\Program Files\QuickTime <QUICKT~1>
2008-03-11 22:45:36 0 d-------- C:\Program Files\Norton SystemWorks <NORTON~1>
2008-03-11 22:45:28 0 d-------- C:\Program Files\Norton AntiVirus <NORTON~2>
2008-03-11 22:44:13 0 d-------- C:\Program Files\Microsoft ActiveSync <MICROS~4>
2008-03-11 22:37:28 0 d-------- C:\Program Files\DellSupport <DELLSU~1>
2008-03-11 22:36:11 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-10 04:38:28 0 d-------- C:\Program Files\Common Files <COMMON~1>
2008-03-10 03:03:16 320064 --a------ C:\Program Files\Image Resizer Powertoy for Windows XP.msi <IMAGER~1.MSI>
2008-03-09 12:41:57 0 d-------- C:\Program Files\WinAce 2.6 <WINACE~1.6>
2008-03-09 09:54:17 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-09 09:30:27 0 d-------- C:\Program Files\POKERROOM <POKERR~2>
2008-03-06 19:32:25 6656 --ahs---- C:\Program Files\Thumbs.db
2008-03-05 21:34:12 0 d-------- C:\Documents and Settings\Jim\Application Data\Chessmaster Challenge <CHESSM~1>
2008-03-05 21:19:31 0 d-------- C:\Program Files\Java
2008-03-03 01:05:02 1000 --a------ C:\Program Files\UltimateBet.dat <ULTIMA~1.DAT>
2008-03-03 01:00:58 0 d-------- C:\Program Files\Update
2008-02-17 22:23:18 0 d-------- C:\Program Files\Sonic
2008-02-16 08:11:49 0 d-------- C:\Program Files\PokerRewardsCalculator <POKERR~1>
2008-02-15 01:55:23 0 d-------- C:\Program Files\Real
2008-02-15 01:55:05 0 d-------- C:\Program Files\Common Files\Real
2008-02-11 03:36:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-10 21:25:23 0 d-------- C:\Documents and Settings\Jim\Application Data\Adobe
2008-01-31 23:21:30 0 d-------- C:\Program Files\Symantec
2008-01-27 02:14:02 37232 --a------ C:\Program Files\INSTALL.LOG
2008-01-26 06:35:56 0 d-------- C:\Program Files\Holdem Genius <HOLDEM~1>
2008-01-26 04:12:10 0 d-------- C:\Documents and Settings\Jim\Application Data\Symantec
2008-01-26 03:50:49 0 d-------- C:\Program Files\Windows Sidebar <WICC9F~1>
2008-01-25 21:45:10 0 d-------- C:\Program Files\DIGStream <DIGSTR~1>
2008-01-14 02:43:21 0 d-------- C:\Documents and Settings\Jim\Application Data\AdobeUM
2008-01-13 22:56:59 0 d-------- C:\Documents and Settings\Jim\Application Data\HPAppData
2008-01-06 01:49:23 147616 --a------ C:\WINDOWS\hpoins21.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 05:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 05:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/30/2008 10:40 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/11/2004 05:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [02/12/2007 02:37 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00 AM]
"CTHelper"="CTHELPER.EXE" [03/11/2004 09:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 04:54 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 01:01 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 10:34 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/31/2008 02:15 PM]
"NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [09/18/2007 09:22 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 11:53 PM]
"NortonAntiBot"="C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [11/12/2007 11:59 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/15/2008 01:54 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 06:33 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/12/2005 06:03 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"SBAutoUpdate"="C:\Program Files\SpywareBlaster\sbautoupdate.exe" [02/28/2008 09:58 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [04/22/2003 05:43 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
C:\Documents and Settings\Jim\Start Menu\Programs\Startup\
DESKTOP.INI [8/19/2004 4:07:20 PM]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [3/9/2008 9:21:55 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/19/2004 4:07:20 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AlrtPrx"= {31964550-083e-4acb-a969-fc78e8d776c5} - C:\WINDOWS\Installer\{31964550-083e-4acb-a969-fc78e8d776c5}\AlrtPrx.dll [02/27/2008 05:26 AM 17958]
"VolumeService"= {26352b92-d605-45e1-b0fa-fb5fb5052ee9} - C:\WINDOWS\Installer\{26352b92-d605-45e1-b0fa-fb5fb5052ee9}\VolumeService.dll [02/27/2008 05:27 AM 17958]
"UnknownRam"= {2a8e3c1d-cb21-4a93-a34d-985645e32b95} - C:\WINDOWS\Installer\{2a8e3c1d-cb21-4a93-a34d-985645e32b95}\UnknownRam.dll [02/27/2008 05:27 AM 17958]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
-- End of Deckard's System Scanner: finished at 2008-03-13 13:11:48 ------------

Incident Status Location
Adware:adware/cws Not disinfected C:\Documents and Settings\Jim\Favorites\HEALTH
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-7e8cace4[MagicApplet.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-7e8cace4[OwnClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jim\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv719.jar-3b008a5b-66945ba6.zip[Matrix.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jim\Cookies\jim@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jim\Cookies\jim@doubleclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Jim\Cookies\jim@enhance[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Jim\Cookies\jim@findwhat[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Jim\Cookies\jim@linksynergy[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jim\Cookies\jim@overture[1].txt
Dialer
Virus:Generic Malware Disinfected C:\old computer\c drive\Program Files\WildTangent\Components\wtPropertyBag0200.dll
Spyware:Cookie/Advertising Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.com.com/]
Spyware:Cookie/Apmebf Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[server.iad.liveperson.net/hc/60960915]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[server.iad.liveperson.net/hc/60960915]
Spyware:Cookie/Linksynergy Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Yadro Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Overture Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/SpyLog Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.spylog.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[statse.webtrendslive.com/dcsxftufsqljwpctboanuub44_6r8o]
Spyware:Cookie/Kount Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.kount.com/]
Spyware:Cookie/FastClick Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[server.iad.liveperson.net/hc/5574]
Spyware:Cookie/Golden Palace Online Casino Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[www.goldenpalace.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Atwola Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.atwola.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Bfast Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Falkag Not disinfected C:\old computer\c drive\WINDOWS\Application Data\Mozilla\Firefox\Profiles\w2hcfhoz.default\cookies.txt[.as-us.falkag.net/]
Adware:Adware/Coupons Not disinfected C:\old computer\c drive\WINDOWS\cpbrkpie.ocx
Virus:Generic Malware Disinfected C:\old computer\d drive\my downloads 2\AGSetup0609.exe
Potentially unwanted tool:Application/MyWay Not disinfected C:\old computer\d drive\Program Files\Audiogalaxy Satellite\ui.dll
Dialer
Virus:Generic Malware Disinfected F:\olddrivec\WINDOWS\WT\wtupdates\wtwebdriver\FILES\3.1.0.037\NPWTHOST.DLL
Dialer
Dialer
Adware:Adware/Trymedia Not disinfected F:\Domino gold\Domino-WinSetupRls-dm.exe
Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Your password
Hacktool:Exploit/iFrame Not disinfected Local Folders\Inbox\Your password