Old 09-23-2006, 10:15 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 5
OS: Win XP


IE popups, gaming disconnect, shutdown

Hello. I have multiple and possibly related problems. I have pop ups with IE. My Battlefield2 game has disconnects after the map is loaded. I was running Adaware SE and the computer shut down! It did this twice. I have XP SP2. Here is my HJT run. I have run various spy removers and found no problems. I appreciate any help. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:12:05 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jeff\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12d14d4d-73dc-425f-bfd5-982739a5abe2} - C:\WINDOWS\system32\FM2dit.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://a284.g.akamai.net/f/284/987/1...ploader_v6.cab
O20 - Winlogon Notify: FM2dit - C:\WINDOWS\SYSTEM32\FM2dit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Old 09-24-2006, 01:11 AM   #2 (permalink)
Mentor, Analyst - Security Team
 
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Hello Roomba, and welcome to TSF. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.


Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.


Download Ewido
Please download, install, and update Ewido Anti-Spyware.
  1. Load Ewido and then click the Shield tab at the top
    • Click on the word active to change it to inactive.
  2. Click the Update tab at the top:
    • Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
    • Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
  3. Click the Scanner tab at the top and then the Settings sub-tab:
    • Under How to act?, click Recommended actions and select Quarantine.
    • Under Reports, select Automatically generate report after every scan
  4. Close Ewido. Do not run a scan with it yet.


Download ComboFix
Download ComboFix to your Desktop from one of the following links:
  1. http://download.bleepingcomputer.com/sUBs/combofix.exe
  2. http://www.techsupportforum.com/sectools/combofix.exe
Highlight and copy the following:
"%userprofile%\desktop\combofix.exe" /v FM2dit
Then go to Start > Run, paste it into the text field, and then click OK.
While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.


Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Log on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
O2 - BHO: (no name) - {12d14d4d-73dc-425f-bfd5-982739a5abe2} - C:\WINDOWS\system32\FM2dit.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://a284.g.akamai.net/f/284/987/1...ploader_v6.cab
O20 - Winlogon Notify: FM2dit - C:\WINDOWS\SYSTEM32\FM2dit.dll
Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
    • Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
    Click OK.
  • Press the CleanUp! button to start the program.
Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.


Run Ewido
  • Run Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on Save Report, then Save Report As. Save the report so that you can find it again (like on the Desktop).
  • Close Ewido.

Reboot
Reboot your system to Normal Mode.


Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.
  1. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
  2. Enter your e-mail address, country, and state and click Scan Now.
  3. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
  4. Begin the scan by selecting My Computer. Note:
    • Please turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
    • Click on See report then click Save report.
    • It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. The contents of C:\ComboFix.txt,
  2. Ewido scan report,
  3. Panda Scan report, and
  4. a new HiJackThis log taken after the online scan finishes.
__________________
The chance to begin again in a golden land of opportunity and adventure.

Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.


UNITE/ASAP: Proud member since 2006
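
A triage sketch for the log in this thread, added here as an example and not part of any post or of HijackThis itself: it parses HijackThis `O`-section lines and reports any DLL registered both as a BHO (O2, loaded by Internet Explorer) and as a Winlogon Notify package (O20, loaded by winlogon.exe), which is the pattern the FM2dit.dll entries above show. The function names and the two heuristics are assumptions made for illustration; a hit is a lead for an analyst, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted at the top of this thread (subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {12d14d4d-73dc-425f-bfd5-982739a5abe2} - C:\WINDOWS\system32\FM2dit.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O20 - Winlogon Notify: FM2dit - C:\WINDOWS\SYSTEM32\FM2dit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "O<n> - <kind>: <rest>" is the general shape of every entry line.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# O2/O3 entries are "<name> - {CLSID} - <path>"; anchoring on the CLSID keeps
# names or paths that themselves contain " - " intact.
CLSID_RE = re.compile(r"^(.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def parse_hjt(log):
    """Parse HijackThis entry lines into dicts; non-entry lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        entry = {"section": section, "kind": kind, "name": None, "path": None}
        if section in ("O2", "O3"):
            c = CLSID_RE.match(rest)
            if c:
                entry["name"], entry["path"] = c.group(1), c.group(3)
        elif section == "O20":
            # O20 entries are "<notify key name> - <dll path>".
            name, sep, path = rest.partition(" - ")
            if sep:
                entry["name"], entry["path"] = name, path
        entries.append(entry)
    return entries


def winlogon_bho_overlap(entries):
    """Return {lower-cased path: [sections]} for DLLs present in both O2 and O20.

    Windows paths are case-insensitive, and the log spells the same file as
    'system32' in one section and 'SYSTEM32' in another, so compare lower-cased.
    """
    seen = defaultdict(set)
    for e in entries:
        if e["path"]:
            seen[e["path"].lower()].add(e["section"])
    return {p: sorted(s) for p, s in seen.items() if {"O2", "O20"} <= s}


def unnamed_system32_bhos(entries):
    """Return paths of BHOs that have no display name and live under system32."""
    return [
        e["path"]
        for e in entries
        if e["section"] == "O2"
        and e["name"] == "(no name)"
        and "\\system32\\" in e["path"].lower()
    ]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for path, sections in winlogon_bho_overlap(parsed).items():
        print("BHO + Winlogon Notify:", path, sections)
    for path in unnamed_system32_bhos(parsed):
        print("Unnamed BHO in system32:", path)
```

The Google toolbar DLL appears in two sections as well (O2 and O3), but both are browser extension points, so only the O2 plus O20 combination is reported.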
Old 09-24-2006, 09:38 PM   #3 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 5
OS: Win XP


IE popups, gaming disconnect, shutdown

First off, thanks for your rapid reply. You came highly recommended from my wife who had a similar problem.

Second, I did all that you said and there were some big improvements. After the step with ewido, there were no popups! I had the antivirus ones but they weren't catching them. I was able to finish a Battlefield2 round! I'll admit it was the third time but I was connected to a server for 5-10 minutes. I think something is going on in the BF2 world. Not sure. But that showed great promise.

Of the four entries from HJT, the third one was the only one I saw in Safe mode. I fixed it.

Again, my thanks. Let me know what else you see. Or if you need something else.

OK. Here are the logs you asked for:

ComboFix.txt
Jeff - 06-09-24 14:56:10.76 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\Jeff\desktop"
Command switches used :: /v FM2dit

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\FM2dit.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-24 14:50 276,406 --a------ C:\combofix.exe
2006-09-24 14:47 6,020,448 --a------ C:\ewido-setup_4.0.0.172c.exe
2006-09-24 14:46 339,257 --a------ C:\CleanUp452.exe
2006-09-23 18:18 1,314,816 --a------ C:\pbsetup.exe
2006-09-23 17:22 7,050,552 --a------ C:\psa30se_en_us.exe
2006-08-31 22:38 746,880 --a------ C:\FRAPS274.EXE


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 14:52 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-24 14:46 -------- d-------- C:\Program Files\CleanUp!
2006-09-23 23:06 -------- d-------- C:\Documents and Settings\Jeff\Application Data\AdobeUM
2006-09-23 22:55 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-23 22:47 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-09-23 17:26 -------- d-------- C:\Program Files\Adobe
2006-09-23 17:25 1015 --a------ C:\Documents and Settings\Jeff\Application Data\AdobeDLM.log
2006-09-23 17:25 0 --a------ C:\Documents and Settings\Jeff\Application Data\dm.ini
2006-09-23 17:22 -------- d-------- C:\Documents and Settings\Jeff\Application Data\Adobe
2006-09-17 15:36 -------- d-------- C:\Documents and Settings\Jeff\Application Data\U3
2006-09-15 21:47 -------- d---s---- C:\Documents and Settings\Jeff\Application Data\Microsoft
2006-09-09 15:11 -------- d-------- C:\Documents and Settings\Jeff\Application Data\Google
2006-09-08 19:25 -------- d-------- C:\Program Files\Google
2006-08-26 17:16 -------- d-------- C:\Program Files\Firefox
2006-08-17 21:38 -------- d-------- C:\Program Files\Internet Explorer
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-13 22:22 57384 --a------ C:\WINDOWS\system32\avsda.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus COLOR 580"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_AICN03.EXE /P22 \"EPSON Stylus COLOR 580\" /O6 \"USB001\" /M \"Stylus COLOR 580\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
@=""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ASUS Probe"="C:\\Program Files\\ASUS\\Probe\\AsusProb.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=hex:80,02,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ATI CATALYST System Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ATITEC~1\\ATI.ACE\\CLI.exe SystemTray"
"item"="ATI CATALYST System Tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link AirPlus G Configuration Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\D-Link AirPlus G Configuration Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\D-Link AirPlus G Configuration Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\D-LINK~1\\AirPlus.exe "
"item"="D-Link AirPlus G Configuration Utility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"PhotoshopElementsDeviceConnect"=dword:00000002
"iPodService"=dword:00000003
"AdobeActiveFileMonitor"=dword:00000002


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-09-24 14:58:30.28
ComboFix.txt


Ewido scan report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:00 06-09-24

+ Scan result:



D:\WINDOWS\SYSTEM\angelex.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\exdl.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\exdl0.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\exul.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\javexulm.vxd -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\mqexdlm.srg -> Adware.BargainBuddy : No action taken.
D:\Program Files\Common Files\WhenU\EmbedSE.dll -> Adware.SaveNow : No action taken.
D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe/Save.exe -> Adware.SaveNow : No action taken.
D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe/SaveUninst.exe -> Adware.SaveNow : No action taken.
C:\WINDOWS\system32\pmnli.exe -> Downloader.ConHook.ab : No action taken.
D:\NULL -> Downloader.QDown.d : No action taken.
D:\WINDOWS\Cookies\jeff burger@zero.ads360[1].txt -> TrackingCookie.Ads360 : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom10.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom11.zip/jeff burger@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom12.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom13.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom2.zip/jeff burger@advertising[3].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom3.zip/jeff burger@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom4.zip/jeff burger@advertising[4].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom5.zip/jeff burger@servedby.advertising[3].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom6.zip/jeff burger@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom7.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom8.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom9.zip/jeff burger@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip/jeff burger@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc1.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc2.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc3.zip/jeff burger@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc4.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc5.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast.zip/jeff burger@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast1.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast2.zip/jeff burger@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast3.zip/jeff burger@bfast[3].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast4.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast5.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : No action taken.
D:\WINDOWS\Cookies\jeff burger@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
D:\WINDOWS\Cookies\jeff burger@burstnet[3].txt -> TrackingCookie.Burstnet : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[1].txt -> TrackingCookie.Com : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[2].txt -> TrackingCookie.Com : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[4].txt -> TrackingCookie.Com : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics1.zip/jeff burger@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics2.zip/jeff burger@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics3.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics4.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics5.zip/jeff burger@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip/jeff burger@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick1.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick2.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick3.zip/jeff burger@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick4.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick5.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@a-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@a-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick1.zip/jeff burger@fastclick[4].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick2.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick3.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick4.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick5.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick6.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@gamershell[1].txt -> TrackingCookie.Gamershell : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox.zip/jeff burger@ehg-idg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox1.zip/jeff burger@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox10.zip/jeff burger@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox11.zip/jeff burger@ehg-ubisoft.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox12.zip/jeff burger@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox13.zip/jeff burger@ehg-espn.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox14.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox15.zip/jeff burger@ehg-canon.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox16.zip/jeff burger@hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox17.zip/jeff burger@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox18.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox19.zip/jeff burger@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox2.zip/jeff burger@w101.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox20.zip/jeff burger@ehg-paintball.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox21.zip/jeff burger@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox22.zip/jeff burger@ehg-tigerdirect.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox23.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox24.zip/jeff burger@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox25.zip/jeff burger@ehg-newscientist.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox26.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox27.zip/jeff burger@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox28.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox29.zip/jeff burger@ehg-micron.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox3.zip/jeff burger@hg1.hitbox[4].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox30.zip/jeff burger@ehg-mtv.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox31.zip/jeff burger@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox32.zip/jeff burger@ehg-newegg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox33.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox34.zip/jeff burger@ehg-bcstore.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox35.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox4.zip/jeff burger@ehg-bestbuy.hitbox[4].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox5.zip/jeff burger@ehg-dig.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox6.zip/jeff burger@ehg-ubisoft.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox7.zip/jeff burger@ehg-sonicblue.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox8.zip/jeff burger@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox9.zip/jeff burger@ehg-bestbuy.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink.zip/jeff burger@counter.hitslink[3].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink1.zip/jeff burger@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink2.zip/jeff burger@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex.zip/jeff burger@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex1.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex2.zip/jeff burger@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex3.zip/jeff burger@mediaplex[3].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex4.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex5.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : No action taken.
D:\WINDOWS\Cookies\jeff burger@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick1.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick2.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick3.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick4.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick5.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.


::Report end




Panda Scan report

Incident Status Location

Adware:Adware/WhenUSearch Not disinfected D:\Program Files\Common Files\WhenU\EmbedSE.dll
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip[jeff burger@servedby.advertising[1].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip[jeff burger@advertising[2].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom2.zip[jeff burger@advertising[3].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom3.zip[jeff burger@servedby.advertising[2].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom4.zip[jeff burger@advertising[4].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom5.zip[jeff burger@servedby.advertising[3].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom6.zip[jeff burger@advertising[1].txt]
Spyware:Cookie/Atlas DMT Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip[jeff burger@atdmt[3].txt]
Spyware:Cookie/Atlas DMT Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc1.zip[jeff burger@atdmt[2].txt]
Spyware:Cookie/Bfast Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast.zip[jeff burger@bfast[2].txt]
Spyware:Cookie/Bfast Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast1.zip[jeff burger@bfast[1].txt]
Spyware:Cookie/Coremetrics Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics.zip[jeff burger@data.coremetrics[1].txt]
Spyware:Cookie/Doubleclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip[jeff burger@doubleclick[3].txt]
Spyware:Cookie/Doubleclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick1.zip[jeff burger@doubleclick[1].txt]
Spyware:Cookie/FastClick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick.zip[jeff burger@fastclick[2].txt]
Spyware:Cookie/FastClick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick1.zip[jeff burger@fastclick[4].txt]
Spyware:Cookie/FastClick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick2.zip[jeff burger@fastclick[1].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox.zip[jeff burger@ehg-idg.hitbox[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox1.zip[jeff burger@hitbox[1].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox3.zip[jeff burger@hg1.hitbox[4].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox5.zip[jeff burger@ehg-dig.hitbox[3].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox6.zip[jeff burger@ehg-ubisoft.hitbox[3].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox8.zip[jeff burger@hg1.hitbox[1].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox11.zip[jeff burger@ehg-ubisoft.hitbox[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox12.zip[jeff burger@hg1.hitbox[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox14.zip[jeff burger@ehg-dig.hitbox[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox16.zip[jeff burger@hitbox[3].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox17.zip[jeff burger@ehg.hitbox[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox18.zip[jeff burger@hitbox[2].txt]
Spyware:Cookie/Hitslink Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink.zip[jeff burger@counter.hitslink[3].txt]
Spyware:Cookie/Hitslink Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink1.zip[jeff burger@counter.hitslink[2].txt]
Spyware:Cookie/Mediaplex Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex.zip[jeff burger@mediaplex[2].txt]
Spyware:Cookie/Mediaplex Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex1.zip[jeff burger@mediaplex[1].txt]
Spyware:Cookie/Valueclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip[jeff burger@valueclick[2].txt]
Spyware:Cookie/Valueclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick1.zip[jeff burger@valueclick[1].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom7.zip[jeff burger@advertising[2].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom8.zip[jeff burger@servedby.advertising[1].txt]
Spyware:Cookie/Atlas DMT Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc2.zip[jeff burger@atdmt[2].txt]
Spyware:Cookie/Bfast Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast2.zip[jeff burger@bfast[2].txt]
Spyware:Cookie/Doubleclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick2.zip[jeff burger@doubleclick[1].txt]
Spyware:Cookie/FastClick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick3.zip[jeff burger@fastclick[1].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox19.zip[jeff burger@hitbox[1].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox23.zip[jeff burger@ehg-dig.hitbox[2].txt]
Spyware:Cookie/Hitslink Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink2.zip[jeff burger@counter.hitslink[2].txt]
Spyware:Cookie/Mediaplex Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex2.zip[jeff burger@mediaplex[2].txt]
Spyware:Cookie/Valueclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick2.zip[jeff burger@valueclick[2].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom9.zip[jeff burger@servedby.advertising[2].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom10.zip[jeff burger@advertising[2].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom11.zip[jeff burger@advertising[1].txt]
Spyware:Cookie/Atlas DMT Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc3.zip[jeff burger@atdmt[3].txt]
Spyware:Cookie/Atlas DMT Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc4.zip[jeff burger@atdmt[2].txt]
Spyware:Cookie/Bfast Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast3.zip[jeff burger@bfast[3].txt]
Spyware:Cookie/Bfast Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast4.zip[jeff burger@bfast[1].txt]
Spyware:Cookie/Coremetrics Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics1.zip[jeff burger@data.coremetrics[2].txt]
Spyware:Cookie/Coremetrics Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics3.zip[jeff burger@data.coremetrics[1].txt]
Spyware:Cookie/Doubleclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick3.zip[jeff burger@doubleclick[2].txt]
Spyware:Cookie/Doubleclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick4.zip[jeff burger@doubleclick[1].txt]
Spyware:Cookie/FastClick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick4.zip[jeff burger@fastclick[1].txt]
Spyware:Cookie/FastClick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick5.zip[jeff burger@fastclick[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox24.zip[jeff burger@ehg-dig.hitbox[1].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox26.zip[jeff burger@hitbox[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox28.zip[jeff burger@ehg-dig.hitbox[2].txt]
Spyware:Cookie/Mediaplex Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex3.zip[jeff burger@mediaplex[3].txt]
Spyware:Cookie/Mediaplex Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex4.zip[jeff burger@mediaplex[1].txt]
Spyware:Cookie/Valueclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick3.zip[jeff burger@valueclick[2].txt]
Spyware:Cookie/Valueclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick4.zip[jeff burger@valueclick[1].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom12.zip[jeff burger@servedby.advertising[1].txt]
Spyware:Cookie/Advertising Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom13.zip[jeff burger@advertising[2].txt]
Spyware:Cookie/Atlas DMT Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc5.zip[jeff burger@atdmt[2].txt]
Spyware:Cookie/Bfast Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast5.zip[jeff burger@bfast[1].txt]
Spyware:Cookie/Coremetrics Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics4.zip[jeff burger@data.coremetrics[1].txt]
Spyware:Cookie/Doubleclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick5.zip[jeff burger@doubleclick[1].txt]
Spyware:Cookie/FastClick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick6.zip[jeff burger@fastclick[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox29.zip[jeff burger@ehg-micron.hitbox[1].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox33.zip[jeff burger@ehg-dig.hitbox[2].txt]
Spyware:Cookie/Hitbox Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox35.zip[jeff burger@hitbox[2].txt]
Spyware:Cookie/Mediaplex Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex5.zip[jeff burger@mediaplex[1].txt]
Spyware:Cookie/Valueclick Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick5.zip[jeff burger@valueclick[1].txt]
Adware:Adware/Exact.SearchBar Not disinfected D:\WINDOWS\SYSTEM\exdl.exe
Adware:Adware/Exact.SearchBar Not disinfected D:\WINDOWS\SYSTEM\exul.exe
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\SYSTEM\exdl0.exe
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\SYSTEM\mqexdlm.srg
Adware:Adware/Exact.SearchBar Not disinfected D:\WINDOWS\SYSTEM\javexulm.vxd
Adware:Adware/Exact.SearchBar Not disinfected D:\WINDOWS\SYSTEM\exclean.exe
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\SYSTEM\angelex.exe
Adware:Adware/SaveNow Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[²èÇ]
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[exdl.exe]
Adware:Adware/Exact.SearchBar Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[exul.exe]
Adware:Adware/Exact.SearchBar Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[trkgif.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[ahadp.exe][angelex.exe]
Hacktool:HackTool/SRunner.B Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[ahadp.exe][instsrv.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[ahadp.exe][msexreg.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[adp8033_OUTB.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[adp8033_OUTB.exe][bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[adp8033_OUTB.exe][adv.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[adp8033_OUTB.exe][adx.exe]
Adware:Adware/Exact.SearchBar Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe[exclean.exe]
Possible Virus. Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\4FDFAQ3D\prutfct[1].exe
Possible Virus. Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\WJNJI4LT\pruthct[1].exe
Possible Virus. Not disinfected D:\WINDOWS\Temporary Internet Files\Content.IE5\94OZHD8P\prutjct[1].exe
Spyware:Cookie/Buzztone Not disinfected D:\WINDOWS\Cookies\jeff burger@www.buzztone[2].txt
Spyware:Cookie/Tucows Not disinfected D:\WINDOWS\Cookies\jeff burger@tucows[2].txt
Spyware:Cookie/Toplist Not disinfected D:\WINDOWS\Cookies\jeff burger@www.toplist[1].txt
Spyware:Cookie/Cd Freaks Not disinfected D:\WINDOWS\Cookies\jeff burger@cdfreaks[1].txt
Spyware:Cookie/GoStats Not disinfected D:\WINDOWS\Cookies\jeff burger@c2.gostats[2].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\jeff burger@go[1].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\jeff burger@go[4].txt
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Cookies\jeff burger@com[2].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected D:\WINDOWS\Cookies\jeff burger@smni[2].txt
Spyware:Cookie/GoStats Not disinfected D:\WINDOWS\Cookies\jeff burger@gostats[2].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\jeff burger@go[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected D:\WINDOWS\Cookies\jeff burger@www.myaffiliateprogram[1].txt
Spyware:Cookie/Gorillanation Not disinfected D:\WINDOWS\Cookies\jeff burger@ads.gorillanation[1].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\jeff burger@go[3].txt
Spyware:Cookie/BurstNet Not disinfected D:\WINDOWS\Cookies\jeff burger@burstnet[2].txt
Spyware:Cookie/Xiti Not disinfected D:\WINDOWS\Cookies\jeff burger@xiti[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected D:\WINDOWS\Cookies\jeff burger@www.affiliatefuel[2].txt
Spyware:Cookie/BurstBeacon Not disinfected D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[1].txt
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Cookies\jeff burger@com[1].txt
Spyware:Cookie/Go Not disinfected D:\WINDOWS\Cookies\jeff burger@go[6].txt
Spyware:Cookie/Rightmedia Not disinfected D:\WINDOWS\Cookies\jeff burger@rightmedia[2].txt
Spyware:Cookie/Target Not disinfected D:\WINDOWS\Cookies\jeff burger@target[1].txt
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Cookies\jeff burger@com[4].txt
Spyware:Cookie/BurstBeacon Not disinfected D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[3].txt
Spyware:Cookie/BurstNet Not disinfected D:\WINDOWS\Cookies\jeff burger@burstnet[3].txt
Adware:Adware/Qdown Not disinfected D:\NULL


new HiJackThis log taken after the online scan finishes

Logfile of HijackThis v1.99.1
Scan saved at 21:44, on 06-09-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jeff\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Roomba is offline  
Old 09-24-2006, 09:39 PM   #4 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 5
OS: Win XP


IE popups, gaming disconnect, shutdown

Sorry. I got a Fatal error and didn't check the post before I did it again!

Last edited by Roomba; 09-24-2006 at 09:46 PM. Reason: Accidental second post!
Roomba is offline  
Old 09-24-2006, 09:41 PM   #5 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 5
OS: Win XP


IE popups, gaming disconnect, shutdown

Ignore this post. Sorry!

Last edited by Roomba; 09-24-2006 at 09:45 PM. Reason: accidental third copy!
Roomba is offline  
Old 10-05-2006, 06:49 AM   #6 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 5
OS: Win XP


Bump

Hello again.

I am still having severe ping spikes with Battlefield 2. Sometimes I cannot get into a server before getting "Your connection was lost" message. A typical ping was 35-50. Then after 15 seconds, I get a huge spike (>1000!) and get disconnected. I have tried turning off the antivirus stuff but that never had a problem before. My Windows firewall is set to allow the BF2 game through. I am not sure about the router's firewall. It is a Linksys WRT54GS. I have the computer hardlined to the router.

My IE problems have gone away and my internet is running smooth. The only problem lies with the game. I ran lagmeter and it indicated the "client" was the highest source of lag. I think that was my computer. The other two choices were network and server.

I have been scouring the forums for any guidance. I am close to a complete hard drive reformat but I thought I might try a few other options. Any help is appreciated.
Roomba is offline  
Old 10-06-2006, 12:07 AM   #7 (permalink)
Mentor, Analyst - Security Team
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Hi Roomba,

Somehow I missed your reply. I apologize for that. You've got some trojans that are just sitting around, so let's deal with them. Please set Ewido to quarantine and scan again as it will remove most of these.

Reconfigure Ewido
Please reconfigure Ewido to the following settings:
  • Open Ewido by double-clicking the Ewido system tray icon.
  • Click the Scanner tab at the top and then the Settings sub-tab:
    • Under How to act?, click Recommended actions and select Quarantine.
    • Under Reports, select Automatically generate report after every scan.
  • Run a scan with Ewido.

Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
WhenU (any entry)
Please let me know if any of these were unable to uninstall.

Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

D:\Program Files\Common Files\WhenU
D:\WINDOWS\SYSTEM\exclean.exe

Clear Cookies
Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General. Under Temporary Internet Files, click on Delete Cookies. Then click Delete Files.


Online Scan
Please perform a BitDefender Online Scan using Internet Explorer. Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results", please do so and save them to your desktop. Post the log of the scan results.


Generate An Uninstall List
  • Open HijackThis.
  • Click on the "Configure" button on the bottom right.
  • Click on the tab "Misc Tools".
  • Click on the Box that says "Open Uninstall Manager".
  • Click on the button "Save list"
Please save a copy and paste the contents with your next reply.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. Ewido scan report,
  2. BitDefender scan report,
  3. Your uninstall list,
  4. a new HiJackThis log taken after BitDefender finishes.
Old 10-09-2006, 02:34 PM   #8 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 5
OS: Win XP


Updated scan log files

Hey,

Again, I appreciate your help. I have run the scans and the logs are posted below.

The WhenU was not in the Add/Remove list of programs. I did delete the directory and files.

1. Ewido scan report

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:31 06-10-07

+ Scan result:



D:\WINDOWS\SYSTEM\exdl.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\exdl0.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\exul.exe -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\javexulm.vxd -> Adware.BargainBuddy : No action taken.
D:\WINDOWS\SYSTEM\mqexdlm.srg -> Adware.BargainBuddy : No action taken.
D:\System Volume Information\_restore{DF188411-83F8-44D3-BF7E-B66E53B83490}\RP617\A0069953.dll -> Adware.SaveNow : No action taken.
D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe/Save.exe -> Adware.SaveNow : No action taken.
D:\WINDOWS\Temporary Internet Files\Content.IE5\NBFKI7S6\saveupdate[1].exe/SaveUninst.exe -> Adware.SaveNow : No action taken.
C:\WINDOWS\system32\pmnli.exe -> Downloader.ConHook.ab : No action taken.
D:\NULL -> Downloader.QDown.d : No action taken.
D:\WINDOWS\Cookies\jeff burger@zero.ads360[1].txt -> TrackingCookie.Ads360 : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom10.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom11.zip/jeff burger@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom12.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom13.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom2.zip/jeff burger@advertising[3].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom3.zip/jeff burger@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom4.zip/jeff burger@advertising[4].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom5.zip/jeff burger@servedby.advertising[3].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom6.zip/jeff burger@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom7.zip/jeff burger@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom8.zip/jeff burger@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom9.zip/jeff burger@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip/jeff burger@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc1.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc2.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc3.zip/jeff burger@atdmt[3].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc4.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc5.zip/jeff burger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast.zip/jeff burger@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast1.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast2.zip/jeff burger@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast3.zip/jeff burger@bfast[3].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast4.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BFast5.zip/jeff burger@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : No action taken.
D:\WINDOWS\Cookies\jeff burger@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
D:\WINDOWS\Cookies\jeff burger@burstnet[3].txt -> TrackingCookie.Burstnet : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[1].txt -> TrackingCookie.Com : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[2].txt -> TrackingCookie.Com : No action taken.
D:\WINDOWS\Cookies\jeff burger@com[4].txt -> TrackingCookie.Com : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics1.zip/jeff burger@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics2.zip/jeff burger@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics3.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics4.zip/jeff burger@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics5.zip/jeff burger@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip/jeff burger@doubleclick[3].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick1.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick2.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick3.zip/jeff burger@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick4.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick5.zip/jeff burger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@a-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@a-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\WINDOWS\Cookies\jeff burger@y-1shz2prbmdj6wvny-1sez2pra2d...ure[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick1.zip/jeff burger@fastclick[4].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick2.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick3.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick4.zip/jeff burger@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick5.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick6.zip/jeff burger@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@gamershell[1].txt -> TrackingCookie.Gamershell : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox.zip/jeff burger@ehg-idg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox1.zip/jeff burger@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox10.zip/jeff burger@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox11.zip/jeff burger@ehg-ubisoft.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox12.zip/jeff burger@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox13.zip/jeff burger@ehg-espn.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox14.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox15.zip/jeff burger@ehg-canon.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox16.zip/jeff burger@hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox17.zip/jeff burger@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox18.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox19.zip/jeff burger@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox2.zip/jeff burger@w101.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox20.zip/jeff burger@ehg-paintball.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox21.zip/jeff burger@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox22.zip/jeff burger@ehg-tigerdirect.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox23.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox24.zip/jeff burger@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox25.zip/jeff burger@ehg-newscientist.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox26.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox27.zip/jeff burger@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox28.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox29.zip/jeff burger@ehg-micron.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox3.zip/jeff burger@hg1.hitbox[4].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox30.zip/jeff burger@ehg-mtv.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox31.zip/jeff burger@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox32.zip/jeff burger@ehg-newegg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox33.zip/jeff burger@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox34.zip/jeff burger@ehg-bcstore.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox35.zip/jeff burger@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox4.zip/jeff burger@ehg-bestbuy.hitbox[4].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox5.zip/jeff burger@ehg-dig.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox6.zip/jeff burger@ehg-ubisoft.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox7.zip/jeff burger@ehg-sonicblue.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox8.zip/jeff burger@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox9.zip/jeff burger@ehg-bestbuy.hitbox[3].txt -> TrackingCookie.Hitbox : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink.zip/jeff burger@counter.hitslink[3].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink1.zip/jeff burger@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitsLink2.zip/jeff burger@counter.hitslink[2].txt -> TrackingCookie.Hitslink : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex.zip/jeff burger@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex1.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex2.zip/jeff burger@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex3.zip/jeff burger@mediaplex[3].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex4.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex5.zip/jeff burger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
D:\WINDOWS\Cookies\jeff burger@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : No action taken.
D:\WINDOWS\Cookies\jeff burger@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
D:\WINDOWS\Cookies\jeff burger@login.tracking101[1].txt -> TrackingCookie.Tracking101 : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick1.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick2.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick3.zip/jeff burger@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick4.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick5.zip/jeff burger@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.


::Report end



2. BitDefender scan report

BitDefender Online Scanner

Scan report generated at: Sat, Oct 07, 2006 - 07:16:14

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 06:37:54
Files: 634022
Folders: 9012
Boot Sectors: 4
Archives: 3835
Packed Files: 48641

Results
Identified Viruses: 4
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 474351
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File | Status
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua | Detected with: Application.JS.ForcePopup.D
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua | Disinfection failed
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d26.qua | Deleted
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua | Detected with: Application.JS.ForcePopup.D
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua | Disinfection failed
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic\INFECTED\45650d3e.qua | Deleted
C:\WINDOWS\system32\pmnli.exe | Infected with: Trojan.Downloader.Conhook.P
C:\WINDOWS\system32\pmnli.exe | Disinfection failed
C:\WINDOWS\system32\pmnli.exe | Deleted
D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005 | Infected with: Trojan.Clicker.Vb.EX
D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005 | Disinfection failed
D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o)=>lzma_solid_nsis0005 | Deleted
D:\WINDOWS\Temporary Internet Files\Content.IE5\I9SBIXU5\adp8033[1].exe=>(NSIS o) | Update failed
D:\NULL | Infected with: Trojan.Downloader.Qdown.D
D:\NULL | Disinfection failed
D:\NULL | Deleted

3. Your uninstall list

3DMark03
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Elements 3.0
Adobe Premiere Elements 1.0
Adobe Reader 7.0.8
Ahead InCD
ASUS Probe V2.19.07
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
Avira AntiVir PersonalEdition Classic
Battlecraft 1942
Battlefield 1942
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield2 Map El Alamein XXL
Bigfoot Networks LagMeter
Canon PIXMA iP6000D
CleanUp!
DC Slovenia Alps
DCXtended .9
DesertCombat 0.7
D-Link AirPlus G Wireless LAN Adapter
Dr. Hardware 2006 7.5.0e
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy CD & DVD Creator 6
EPSON Printer Software
ewido anti-spyware 4.0
Far Cry
FileSpecs plug-in for Ad-Aware SE
First Step Guide
Fraps
GameSpy Arcade
Google Desktop
Google Desktop Plugin - eBay Watcher
Google Toolbar for Internet Explorer
HexDump plug-in for Ad-Aware SE
HijackThis 1.99.1
ImageMixer VCD2
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 7
Lavasoft VX2 Cleaner
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
Media Library Management Wizard
Messenger Control Plugin for Ad-aware
Messenger-Control plug-in for Ad-Aware SE
Microsoft .NET Framework 1.1
Microsoft Office 2000 SR-1 Professional
Morrowind
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (1.0.7)
MSN Music Assistant
Nero - Burning Rom
NVIDIA Windows 2000/XP nForce Drivers
OE Messenger Plugin for Ad-aware
OE/W Messengerctrl plug-in for Ad-Aware SE
Panda ActiveScan
Personal License Update Wizard for Windows Media Player
Picture Package
Plus! MP3 Audio Converter LE
PowerDVD
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Sony USB Driver
Spybot - Search & Destroy 1.3.1 TX
SpywareBlaster v3.5.1
TeamSpeak 2 RC2
TES Construction Set
The Simpsons Hit & Run(TM)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series TweakMP PowerToy
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinPcap 3.1
WinRAR archiver
WinZip
XIII


4. a new HiJackThis log taken after BitDefender finishes.

Logfile of HijackThis v1.99.1
Scan saved at 21:44, on 06-09-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jeff\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Old 10-09-2006, 08:43 PM   #9 (permalink)
Mentor, Analyst - Security Team
 
Deckard's Avatar
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


I'm still a bit troubled that Ewido still didn't delete anything. I'll just have you do them by hand then.


Deletions
Delete the following files indicated in RED if they still exist:
D:\WINDOWS\SYSTEM\exdl.exe
D:\WINDOWS\SYSTEM\exdl0.exe
D:\WINDOWS\SYSTEM\exul.exe
D:\WINDOWS\SYSTEM\javexulm.vxd
D:\WINDOWS\SYSTEM\mqexdlm.srg

Empty Spybot Quarantine
Open SpyBot Search & Destroy and click on the Recovery button. Tick all the listed boxes and then click on Purge selected items at the top. Click Yes. Exit Spybot.


Clear Cookies
Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General. Under Temporary Internet Files, click on Delete Cookies. Then click Delete Files.


Perform an online scan with Internet Explorer with Panda ActiveScan.
  1. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
  2. Enter your e-mail address, country, and state and click Scan Now.
  3. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
  4. Begin the scan by selecting My Computer. Note:
    • Please turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
    • Click on See report then click Save report.
    • It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

Post the Panda report when it's done along with one more HijackThis log. Also let me know how your machine is behaving now.
__________________
The chance to begin again in a golden land of opportunity and adventure.

Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.


UNITE/ASAP: Proud member since 2006
Old 10-10-2006, 10:40 AM   #10 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 5
OS: Win XP


Next log entries 10-10-06

Hello.

I did the tasks you asked. The files you requested deletion of are from my secondary hard drive. It was once used as the main HD with Win98SE as the OS. I had to rebuild the computer and switched to a new HD and XP. The D:\ drive is just a slave to the C:\. I am sure you knew this but I thought I would point it out.

The Panda scan did not find anything and did not give an option for a report. I believe I did the scan correctly. I hope that is a good sign.

My computer is working 100% better. My web pages load quickly and there are no popups for IE. My problem lies with the Battlefield2 connection to the servers. I get erratic connection and I can't figure out why. I can log into the game account. If I can get into a server I will get a ping of 40-70 which is good. Then after a short time, the ping will spike very high (>1000!) and I get the message "Your connection to the server was lost".
This has happened to others since the latest 1.4 patch of the game. I have Comcast with a cable modem. Assuming we have the other software problems fixed, can you help with hardware? Or do you think it's time to call my ISP provider? Any guidance is always appreciated!

Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:29, on 06-10-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jeff\My Documents\Unzipped\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
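One way to compare two HijackThis scans like the ones posted in this thread, added here as an example and not part of any post: it parses the O-section lines, lists entries that appeared or disappeared between scans, and collects the markers HijackThis itself prints ("(file missing)", "Unknown owner", "(no name)"). The function names are assumptions and the inputs are excerpts copied from the logs above; a marked line is a prompt for review, not a verdict.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (not full logs).
EARLIER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""
LATER = r"""
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")  # "O<section number> - <rest of line>"

def parse(log):
    """Return (section, body) tuples for every O-section line in a log."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def flags(section, body):
    """Collect the markers HijackThis itself printed on this line."""
    found = []
    if body.endswith("(file missing)"):
        found.append("file missing")   # entry points at a file that is gone
    if section == "O23" and " - Unknown owner - " in body:
        found.append("unknown owner")  # no vendor name shown for the service
    if "(no name)" in body:
        found.append("no name")        # BHO or button registered without a label
    return found

def diff(earlier, later):
    """Entries that appeared and disappeared between two scans."""
    old, new = set(parse(earlier)), set(parse(later))
    return sorted(new - old), sorted(old - new)

def triage(earlier, later):
    """Later-scan entries that are new or flagged, plus what was removed."""
    added, removed = diff(earlier, later)
    report = []
    for section, body in parse(later):
        marks = flags(section, body)
        if marks or (section, body) in added:
            report.append((section, body, marks, (section, body) in added))
    return report, removed

if __name__ == "__main__":
    report, removed = triage(EARLIER, LATER)
    for section, body, marks, is_new in report:
        print(("NEW " if is_new else "    ") + section, marks, body[:60])
    for section, body in removed:
        print("GONE", section, body[:60])
```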
Old 10-10-2006, 09:31 PM   #11 (permalink)
Mentor, Analyst - Security Team
 
Deckard's Avatar
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Unfortunately my specialties lie in malware removal. We do have those experts here, though -- I suggest you check out the Games forum or maybe the XP forum. If you post, make sure you let them know that you've been checked out here and given a clean bill of health.


Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address.

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm and then click OK.

Reset System Restore
  • Go to Start>Run, type SYSDM.CPL and press Enter.
  • Select the System Restore tab.
  • Check "Turn off System Restore on all drives" and click Apply.
  • Now uncheck the same option and click OK.

Re-enable Protection
Turn back on any malware prevention tools we might have had you switch off.

Microsoft Updates
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection.

Enable Windows Auto Update:
  • Go to Start>Run, type WUAUCPL.CPL and press Enter.
  • Make sure "Keep my computer up to date" is checked.
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Update Java
You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  1. Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  2. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  3. Click the "Download" button to the right.
  4. Check the box that says: "Accept License Agreement".
  5. The page will refresh.
  6. Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop.
  7. Close any programs you may have running -- especially your web browser(s).
  8. Go to Start→Control Panel and double-click on Add/Remove Programs.
  9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  10. Click the Remove or Change/Remove button.
  11. Repeat as many times as necessary to remove each version of Java.
  12. Reboot your computer once all Java components are removed.
  13. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
  14. After the reboot, go back into the Control Panel and double-click the Java icon.
  15. Under Temporary Internet Files, click the Delete Files button.
  16. There are three options in the window to clear the cache - Leave ALL three checked:
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  17. Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache.
  18. Click OK to leave the Java Control Panel.

Malware Prevention
This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them.

Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer".

The following is a list of free software we recommend:

Antivirus
AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.
Firewalls
A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:
Realtime Malware Prevention Tools
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.
Passive Malware Prevention Tools
These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on its homepage.
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
Alternative Web Browsers
Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.
Alternative Miscellaneous
Here are some alternatives that are worth looking into if you use their features:
  • Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.)
  • Miranda-IM - another Instant Messenger client with multiple IM capabilities.
  • Desktop Weather - A taskbar weather program that is free and resource light.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 10-12-2006, 03:15 PM   #12 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 5
OS: Win XP


Thank you for your help!

Deckard,

I really appreciate your help with my malware/spyware removal. My computer is working great. I am going to read through your last post and do my best to prevent this from happening again. I like the section "how did i get it in the first place?"

As for my gaming prob, it was my modem. I had them come out and check it and the modem was bad. I played yesterday without the disconnection probs through a new modem. I will check your gaming forum as well for more stuff.

Props to you and thanks again!
Old 10-12-2006, 09:36 PM   #13 (permalink)
Mentor, Analyst - Security Team
 
Deckard's Avatar
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Awesome news -- I like it when everything works out. Take care and stay safe!





All times are GMT -7. The time now is 04:46 PM.



Copyright 2001 - 2009, Tech Support Forum