Old 02-24-2006, 06:04 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win Xp


My HJT logfile. Any problems?

I continuously get popups even after scans with updated versions of Trend Micro PC-cillin and Ad-Aware 6.0 SE. Any help please?
Logfile of HijackThis v1.99.1
Scan saved at 12:01:55 PM, on 25/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Compaq\eakdrv\STARTDRV.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Compaq\eakdrv\EAKDRV.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Compaq\eakdrv\EAUSBKBD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\Rar$EX00.016\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\My Documents\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EE4B025-2486-A43A-3EEA-4FA6781B8975} - C:\DOCUME~1\CHRISR~1\APPLIC~1\ONESET~1\sendroam.exe (file missing)
O2 - BHO: (no name) - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - (no file)
O2 - BHO: (no name) - {55274583-B958-A062-68D3-5440BCCE11B9} - C:\DOCUME~1\CHRISR~1\APPLIC~1\ONESET~1\sendroam.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\My Documents\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll (file missing)
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [ACTIVE DEAF LONG OPTION] C:\Documents and Settings\All Users\Application Data\skipmultiactivedeaf\rdrgrid.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Compaq\eakdrv\STARTDRV.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\MYDOCU~1\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\MYDOCU~1\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1132832078890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132832059296
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DFCFAD-8CA7-46DD-A586-4E115138D625}: Domain = nsw.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Last edited by xiktpqx; 02-24-2006 at 06:28 PM.
Old 02-24-2006, 09:23 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.


Download Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if found:

iMeshBar

Run Ewido with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** The Ewido scan will require at least an hour.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0EE4B025-2486-A43A-3EEA-4FA6781B8975} - C:\DOCUME~1\CHRISR~1\APPLIC~1\ONESET~1\sendroam.exe (file missing)
O2 - BHO: (no name) - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - (no file)
O2 - BHO: (no name) - {55274583-B958-A062-68D3-5440BCCE11B9} - C:\DOCUME~1\CHRISR~1\APPLIC~1\ONESET~1\sendroam.exe (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [ACTIVE DEAF LONG OPTION] C:\Documents and Settings\All Users\Application Data\skipmultiactivedeaf\rdrgrid.exe


Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following Files/Folders if they exist:

C:\Documents and Settings\CHRISR~1\Application Data\ONESET~1 <<< this will be a folder which begins with ONESET
C:\Program Files\iMeshBar
C:\Documents and Settings\All Users\Application Data\skipmultiactivedeaf



Restart in normal mode.

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
*Turn off the real time scanner of any existing antivirus program while performing the online scan

Run a new HijackThis scan. Save the log file and post it here.

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

Please return with logs from:

Ewido
Panda
findlop.txt
HJT
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
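As an added example (not from the thread or from tetonbob), a small Python triage script that applies the checks made by hand in the reply above to lines in HijackThis v1.99 log format: orphaned registrations marked "(file missing)" or "(no file)", nameless BHOs and toolbars, Run entries that point into user-writable folders, services with no named publisher, and HijackThis itself running from a Temp folder. The sample lines are constructed from the log posted earlier in the thread; the list of "user-writable" path fragments is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v1.99 log format, reusing the shape of the
# entries in the log posted above (paths and CLSIDs as they appear there).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\Rar$EX00.016\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EE4B025-2486-A43A-3EEA-4FA6781B8975} - C:\DOCUME~1\CHRISR~1\APPLIC~1\ONESET~1\sendroam.exe (file missing)
O2 - BHO: (no name) - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - (no file)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [ACTIVE DEAF LONG OPTION] C:\Documents and Settings\All Users\Application Data\skipmultiactivedeaf\rdrgrid.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

# "R1 - ...", "O2 - ...", "O23 - ..." section prefix followed by the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>R\d|O\d{1,2}) - (?P<body>.*)$")
# O4 body: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^.*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumption: folders a vendor autostart rarely lives in but per-user adware
# of this era (the Lop-style entries in this thread) commonly does.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\docume~1\\", "\\applic~1\\", "\\temp\\")


@dataclass
class Entry:
    section: str          # "O2", "O4", ... or "PROCESS" for the running-process list
    name: str
    path: str
    raw: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT log line into an Entry; None for headers and blank lines."""
    line = line.strip()
    if not line:
        return None
    m = ENTRY_RE.match(line)
    if m is None:
        # Under "Running processes:" the log lists bare executable paths.
        if re.match(r"^[A-Za-z]:\\", line):
            return Entry("PROCESS", line.rsplit("\\", 1)[-1], line, line)
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("O2", "O3", "O23"):
        # "BHO: <name> - {CLSID} - <path>", "Toolbar: <name> - {CLSID} - <path>",
        # "Service: <name> - <owner> - <path>": the target path is the last field.
        parts = body.partition(": ")[2].split(" - ")
        return Entry(sec, parts[0], parts[-1] if len(parts) > 1 else "", line)
    if sec == "O4":
        m4 = RUN_RE.match(body)
        if m4:
            return Entry(sec, m4.group("name"), m4.group("cmd"), line)
    return Entry(sec, body, "", line)


def triage(entry: Entry) -> Entry:
    """Attach review reasons to an entry; an empty list means nothing stood out."""
    low = entry.raw.lower()
    path = entry.path.lower()
    if "(file missing)" in low or "(no file)" in low:
        entry.reasons.append("orphaned registration: target file missing")
    if entry.section in ("O2", "O3") and entry.name == "(no name)":
        entry.reasons.append("nameless BHO/toolbar")
    if entry.section == "O4" and any(k in path for k in USER_WRITABLE):
        entry.reasons.append("autostart from user-writable location")
    if entry.section == "O23" and "unknown owner" in low:
        entry.reasons.append("service with no publisher: verify before trusting")
    if entry.section == "PROCESS" and "hijackthis" in path and "\\temp\\" in path:
        entry.reasons.append("HijackThis running from Temp: its backups would be lost")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return only the entries that earned at least one reason, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section:8} {e.name:28} {'; '.join(e.reasons)}")
```

A flag is a prompt to look closer, not a verdict: ScsiAccess above is flagged only because the log shows no publisher, which is exactly the entry the reply left alone.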
Old 02-25-2006, 02:12 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win Xp


Updated logs

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:42:29 PM, 25/02/2006
+ Report-Checksum: A0C6D1A2

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-4265909289-2389969595-2291903390-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-4265909289-2389969595-2291903390-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup


::Report End
Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/powerscan Not disinfected Windows Registry
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\87o9dwai.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\87o9dwai.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\87o9dwai.default\cookies.txt[]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Mozilla\Firefox\Profiles\d24ddgjs.dick\cookies.txt[]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-2c1eff05.zip[InstallerApplet.class]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\AceMagsGridRemote.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\alrxlzlg.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\awmmwavk.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\axismodebird.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\bcprchiz.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\bpzuosnf.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\btcryexq.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\btjhvbum.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\caljygzi.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\cfnctavx.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\cgmsnhns.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\chmmkpmk.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\crmuqgzq.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\cwhnqceo.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\dexmigha.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\dfryxgar.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\dnwqvoyo.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\egmrcyvf.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\fgneptcg.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\fzlbvrxa.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\gbaiyrot.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\gdscxvyv.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\gevatxlb.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\grvpjxxp.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\hawihfju.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\hmxmgbyf.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\hvuauxwr.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\hymqotuv.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\ibyfulwz.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\ikvflfij.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\inokvdfn.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\jexpomeo.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\jfdyithv.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\jmrcetoj.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\junhxynp.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\kdtumqnb.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\kiuctlta.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\kknznegm.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\kmfvzuxy.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\knelenzs.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\kpckdlpd.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\lilkfboz.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\mojcjkmm.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\naokwnmh.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\nkdimweg.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\oeofnnvm.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\oiyxbzio.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\ojystibl.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\otgcdbwl.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\owpayywf.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\oxgabmna.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\pbhefaqn.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\qckaplpj.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\qdptfcat.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\revqkwzc.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\rncaufel.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\ruxsmdsl.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\sjvbdxyc.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\sjyaipqp.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\svvlahik.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\tbqgktsj.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\tdmvtryg.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\tyorized.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\ubfsdmhf.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\vcvgoyyh.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\vmjsdgbf.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\vsehlhvl.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\vtlondul.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\vuxpgsyy.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\wbcxshnl.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\wbrtjtrn.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\wejhapax.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\wqwufzze.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\xxlgtexv.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\xzsldbst.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\yfmqjexx.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\yihtrxdj.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\yqsgcmgh.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\zeuvcrpp.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\zgwkmaaj.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\zrpteedd.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend\zwwiijpf.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\2 drv.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Ace Grid.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\ace remote.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\active 4.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Admin 1.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\adminbin.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\ADMINCOMP.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\AimLoud.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Ante Road.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Antipure.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Atom Active.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\ATOMBAT.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\AtomHeck.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Balm For.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Beepmapi.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\bias active.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\bias tool.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\BitsThunk.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Boob pure.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\bows lite.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\byte phone.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\COOL ATOM.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\DEAD LINK.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Debug Fast.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Delete Corn.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Dogcast.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\drawdefy.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Eggs Barb.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\FLAG TRUST.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Flap Blue.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\fork mix.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\FOURWIN.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Frag 2.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Funk the.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\gplflag.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\GRID DOG.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Infocreative.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\isobits.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\lessfunk.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\licensephone.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Link Ford.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\List Browse.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\LOAD PING.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\LogIso.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Love blue.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Mail Mix.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Mp3 Sixth.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\newmath.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\okay online.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\OneLess.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\ooze new.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\OozeAxis.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\play draw.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\plus 1.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\POKETHE.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\rdrgrid.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\regsprogram.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\seek ooze.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Shim Amen.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Sixth four.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Slow Dash.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\software knob.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Start Great.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\stop sixth.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\the two.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\third default.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Third free.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\title name.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\TransReal.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\TrayTime.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\User dash.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\view scr.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\web bold.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\win balm.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Win Thunk.exe
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-4265909289-2389969595-2291903390-1006\Dc1\Wma Extra.exe



Logfile of HijackThis v1.99.1
Scan saved at 8:11:09 PM, on 25/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Compaq\eakdrv\STARTDRV.exe
C:\Compaq\eakdrv\EAKDRV.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Compaq\eakdrv\EAUSBKBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\My Documents\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\My Documents\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll (file missing)
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Compaq\eakdrv\STARTDRV.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\MYDOCU~1\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\MYDOCU~1\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1132832078890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132832059296
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DFCFAD-8CA7-46DD-A586-4E115138D625}: Domain = nsw.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe





Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\All Users\Application Data

03/12/2005 11:39 AM <DIR> Adobe
03/12/2005 11:42 AM <DIR> Adobe Systems
16/01/2006 01:38 AM <DIR> AOL Downloads
28/07/2005 07:18 PM <DIR> BigPond
19/11/2005 05:56 PM <DIR> BVRP Software
07/10/2005 03:31 PM <DIR> creative bind settings 4
21/12/2005 02:21 AM 10 DragToDiscUserNameE.txt
26/11/2005 12:20 PM <DIR> Kodak
22/12/2004 08:30 AM <DIR> MSN6
22/11/2005 06:17 PM <DIR> nView_Profiles
11/12/2004 09:57 PM <DIR> pixelStorm
20/10/2004 04:24 PM <DIR> QuickTime
16/10/2005 12:01 AM <DIR> Spybot - Search & Destroy
18/07/2005 12:02 PM <DIR> Symantec
09/10/2005 04:55 PM <DIR> Windows Genuine Advantage
19/12/2005 02:08 AM <DIR> Yahoo! Companion
1 File(s) 10 bytes
15 Dir(s) 6,130,044,928 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\Chris Robb\Application Data

19/02/2006 12:50 PM <DIR> Adobe
28/08/2005 12:52 PM <DIR> Apple Computer
25/02/2006 11:20 AM <DIR> Azureus
28/07/2005 07:18 PM <DIR> BigPond
26/01/2006 01:32 AM <DIR> FoxieSpywareSwiftSweeper
11/08/2004 03:48 PM <DIR> Help
30/07/2005 03:19 PM <DIR> Identities
10/09/2001 03:27 PM <DIR> InterTrust
09/10/2005 05:06 PM <DIR> Lavasoft
07/02/2005 09:37 PM <DIR> Macromedia
24/02/2006 06:54 PM <DIR> Media Player Classic
24/10/2004 11:04 PM <DIR> Mozilla
12/04/2005 01:50 PM <DIR> MSN6
07/10/2005 01:53 PM <DIR> one settings tray
03/12/2005 01:13 PM <DIR> Opera
28/07/2005 11:38 PM <DIR> Real
27/12/2005 12:17 AM <DIR> Roxio
11/06/2005 04:33 PM <DIR> Sun
16/11/2005 04:44 PM <DIR> Supportwaybend
19/07/2004 05:10 PM <DIR> Symantec
24/10/2004 11:04 PM <DIR> Talkback
11/08/2004 06:02 PM <DIR> Template
25/02/2006 04:31 PM <DIR> uTorrent
22/11/2005 10:03 PM <DIR> Xfire
0 File(s) 0 bytes
24 Dir(s) 6,130,044,928 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\Owner\Application Data

10/09/2001 03:27 PM <DIR> Adobe
10/09/2001 03:00 PM <DIR> Identities
10/09/2001 03:27 PM <DIR> InterTrust
0 File(s) 0 bytes
3 Dir(s) 6,130,044,928 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\Default User\Application Data

10/09/2001 03:27 PM <DIR> .
10/09/2001 03:27 PM <DIR> ..
12/11/2005 06:31 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 6,130,044,928 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AFAA2FFF93D5AE4B.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\chrisr~1\applic~1\suppor~1\axismodebird.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Chris Robb'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/14/2005 20:00:16
NextRun: 02/25/2006 21:00:00
StartError: 0x80090016
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/10/2001
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
Old 02-25-2006, 08:03 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

------------------------------------------------------------

See this page for instructions on how to clear java's cache.


------------------------------------------------------------

Clear your Firefox cookies. From the open browser, go to Tools>Options>Privacy>Cookies>Clear


------------------------------------------------------------

Empty your Recycle Bin

------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

------------------------------------------------------------

Click on the Start button & select Run
Type in tasks & click Ok
In the ensuing window, click on the 'Advanced' menu (located above) & select 'View Hidden Tasks'
Review all the tasks/jobs at hand. You should be able to recognise jobs that you have created yourself.
Delete hidden jobs that look like these:
  • AFAA2FFF93D5AE4B.job
  • A06F1FEF91A49933.job
  • A2C3205A93B8CDFA.job
  • A36F645091B91BF0.job
  • A42C6F7190EFE559.job
You can recognise them by the fact that they're hidden & have names that consist of 16 random letters.


------------------------------------------------------------

Reboot to Safe Mode.


------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


------------------------------------------------------------

Delete the following folders:

C:\Documents and Settings\Chris Robb\Application Data\Supportwaybend
C:\Documents and Settings\Chris Robb\Application Data\FoxieSpywareSwiftSweeper



------------------------------------------------------------

Please tell me the content of the following folders, or if you recognize them:

C:\Documents and Settings\All Users\Application Data\creative bind settings 4
C:\Documents and Settings\Chris Robb\Application Data\one settings tray



------------------------------------------------------------


Run the fl.bat tool once again. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.


------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


------------------------------------------------------------

Run a new scan with HJT, save the log and post it.

Please return with results from:

findlop.txt
Kaspersky online scan
HJT


How is your system behaving now, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
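The hidden-task step above relies on eyeballing the Task Scheduler dump for jobs that are hidden, carry a 16-character random name, and launch something from a user's Application Data folder. The script below is an added example (not part of this thread and not a tool from the forum) that applies those same three checks to a dump in the "[TRACE] Printing all job properties" layout shown earlier in the thread. The sample text is constructed for the example: the AFAA2FFF93D5AE4B.job entry and its axismodebird.exe path are copied from the thread, while "Example Backup.job" and its ExampleVendor path are placeholders added for contrast. Since the listed names are hexadecimal, the name check uses [0-9A-F]{16}.

```python
"""
Triage a Task Scheduler job dump (schtasks-style "[TRACE]" trace output)
and explain why each job looks suspicious, if it does.
Added example; the rules are the ones the forum reply spells out:
hidden task, 16-hex-character name, executable under Application Data.
"""
import re
from dataclasses import dataclass, field

# Constructed sample mirroring the dump layout in the thread.
# The first job is the one reported in the thread; the second is a
# placeholder ("ExampleVendor") added so the triage has a benign case.
SAMPLE_DUMP = r"""[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AFAA2FFF93D5AE4B.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\chrisr~1\applic~1\suppor~1\axismodebird.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Chris Robb'
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1
TaskFlags: 0

1 Trigger

[TRACE] Activating job 'Example Backup.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\ExampleVendor\backup.exe'
Parameters: ''
Creator: 'Chris Robb'
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 0
"""

JOB_HEADER = re.compile(r"^\[TRACE\] Activating job '(?P<name>[^']+)'")
KV_QUOTED = re.compile(r"^(?P<key>\w+):\s*'(?P<val>[^']*)'")
FLAG = re.compile(r"^(?P<key>\w+)\s*=\s*(?P<val>\d+)$")
# Names such as AFAA2FFF93D5AE4B.job: exactly 16 hex digits plus the extension.
RANDOM_NAME = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)
# Either the 8.3 short form (applic~1) or the long folder name.
APPDATA_HINT = re.compile(r"\\applic~1\\|\\application data\\", re.IGNORECASE)


@dataclass
class Job:
    name: str
    props: dict = field(default_factory=dict)   # quoted 'key: value' lines
    flags: dict = field(default_factory=dict)   # 'Flag = N' lines


def parse_job_dump(text):
    """Split the trace dump into Job records, one per 'Activating job' line."""
    jobs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_HEADER.match(line)
        if m:
            current = Job(m.group("name"))
            jobs.append(current)
            continue
        if current is None:
            continue
        m = KV_QUOTED.match(line)
        if m:
            current.props[m.group("key")] = m.group("val")
            continue
        m = FLAG.match(line)
        if m:
            current.flags[m.group("key")] = int(m.group("val"))
    return jobs


def suspicion_reasons(job):
    """Return the list of rules the job trips; an empty list means it looks ordinary."""
    reasons = []
    if RANDOM_NAME.match(job.name):
        reasons.append("name is 16 hex characters")
    if job.flags.get("Hidden") == 1:
        reasons.append("hidden task")
    if APPDATA_HINT.search(job.props.get("ApplicationName", "")):
        reasons.append("runs from a user Application Data folder")
    return reasons


def triage(text):
    """Map each job name in the dump to its list of suspicion reasons."""
    return {job.name: suspicion_reasons(job) for job in parse_job_dump(text)}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DUMP).items():
        print(f"{name}: {', '.join(reasons) if reasons else 'no findings'}")
```

A job that trips all three rules is the pattern the reply describes; a job that trips only one (a legitimately hidden vendor updater, say) is worth a look but not a deletion on its own, which is why the function returns the reasons rather than a yes/no verdict.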
Old 02-25-2006, 04:50 PM   #5 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win Xp


In the creative bind settings folder there is a system file called FACE JUMP PHONE and the one settings tray folder contains nothing.

Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\All Users\Application Data

03/12/2005 11:39 AM <DIR> Adobe
03/12/2005 11:42 AM <DIR> Adobe Systems
16/01/2006 01:38 AM <DIR> AOL Downloads
28/07/2005 07:18 PM <DIR> BigPond
19/11/2005 05:56 PM <DIR> BVRP Software
07/10/2005 03:31 PM <DIR> creative bind settings 4
21/12/2005 02:21 AM 10 DragToDiscUserNameE.txt
26/11/2005 12:20 PM <DIR> Kodak
22/12/2004 08:30 AM <DIR> MSN6
22/11/2005 06:17 PM <DIR> nView_Profiles
11/12/2004 09:57 PM <DIR> pixelStorm
20/10/2004 04:24 PM <DIR> QuickTime
16/10/2005 12:01 AM <DIR> Spybot - Search & Destroy
18/07/2005 12:02 PM <DIR> Symantec
09/10/2005 04:55 PM <DIR> Windows Genuine Advantage
19/12/2005 02:08 AM <DIR> Yahoo! Companion
1 File(s) 10 bytes
15 Dir(s) 5,797,732,352 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\Chris Robb\Application Data

19/02/2006 12:50 PM <DIR> Adobe
28/08/2005 12:52 PM <DIR> Apple Computer
25/02/2006 11:20 AM <DIR> Azureus
28/07/2005 07:18 PM <DIR> BigPond
11/08/2004 03:48 PM <DIR> Help
30/07/2005 03:19 PM <DIR> Identities
10/09/2001 03:27 PM <DIR> InterTrust
09/10/2005 05:06 PM <DIR> Lavasoft
07/02/2005 09:37 PM <DIR> Macromedia
24/02/2006 06:54 PM <DIR> Media Player Classic
24/10/2004 11:04 PM <DIR> Mozilla
12/04/2005 01:50 PM <DIR> MSN6
07/10/2005 01:53 PM <DIR> one settings tray
03/12/2005 01:13 PM <DIR> Opera
28/07/2005 11:38 PM <DIR> Real
27/12/2005 12:17 AM <DIR> Roxio
11/06/2005 04:33 PM <DIR> Sun
19/07/2004 05:10 PM <DIR> Symantec
24/10/2004 11:04 PM <DIR> Talkback
11/08/2004 06:02 PM <DIR> Template
25/02/2006 10:21 PM <DIR> uTorrent
22/11/2005 10:03 PM <DIR> Xfire
0 File(s) 0 bytes
22 Dir(s) 5,797,732,352 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\Owner\Application Data

10/09/2001 03:27 PM <DIR> Adobe
10/09/2001 03:00 PM <DIR> Identities
10/09/2001 03:27 PM <DIR> InterTrust
0 File(s) 0 bytes
3 Dir(s) 5,797,732,352 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\Default User\Application Data

10/09/2001 03:27 PM <DIR> .
10/09/2001 03:27 PM <DIR> ..
12/11/2005 06:31 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 5,797,732,352 bytes free
Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is E4B9-42B6

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues





-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, February 26, 2006 10:46:07 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 25/02/2006
Kaspersky Anti-Virus database records: 178650
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 94866
Number of viruses found: 10
Number of infected objects: 162
Number of suspicious objects: 0
Duration of the scan process: 01:21:47

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051162.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051163.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051164.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051165.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051166.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051167.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051168.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051169.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051170.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051171.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051172.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051173.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051174.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051175.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051176.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051177.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051178.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051179.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051180.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051181.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051182.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051183.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051184.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051185.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051186.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051187.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051188.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051189.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051190.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051191.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051192.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051193.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051194.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051195.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051196.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051197.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051198.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051199.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051200.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051201.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051202.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051203.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051204.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051205.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051206.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051207.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051208.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051209.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051210.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051211.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051212.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051213.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051214.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051215.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051216.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051217.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051218.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051219.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051220.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051221.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051222.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051223.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051224.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051225.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051226.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051227.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051228.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051229.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051230.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051231.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051232.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051233.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051234.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051235.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051236.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051237.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051536.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051537.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051538.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051539.exe Infected: Trojan-Downloader.Win32.Swizzor.cb skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051540.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051541.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051542.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051543.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051544.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051545.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051546.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051547.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051548.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051549.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051550.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051551.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051552.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051553.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051554.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051555.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051556.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051557.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051558.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051559.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051560.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051561.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051562.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051563.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051564.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051565.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051566.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051567.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051568.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051569.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051570.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051571.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051572.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051573.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051574.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051575.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051576.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051577.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051578.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051579.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051580.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051581.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051582.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051583.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051584.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051585.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051586.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051587.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051588.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051589.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051590.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051591.exe Infected: not-a-virus:AdWare.Win32.Lop.z skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051592.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051593.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051594.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051595.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051596.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051597.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051598.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051599.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051600.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051601.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051602.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051603.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051604.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051605.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051606.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051607.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051608.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051609.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051610.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051611.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051612.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051613.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051614.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051615.exe Infected: not-a-virus:AdWare.Win32.Lop.ab skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051616.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051617.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped
C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ay skipped
F:\RECYCLER\S-1-5-21-1975344075-1274885478-237469328-500\Dc4\InstFile\WinVNC\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
F:\RECYCLER\S-1-5-21-1975344075-1274885478-237469328-500\Dc4\InstFile\WinVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
F:\RECYCLER\S-1-5-21-1975344075-1274885478-237469328-500\Dc4\InstFile\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

Scan process completed.






Logfile of HijackThis v1.99.1
Scan saved at 10:47:13 AM, on 26/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Compaq\eakdrv\STARTDRV.exe
C:\Compaq\eakdrv\EAKDRV.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Compaq\eakdrv\EAUSBKBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\Rar$EX00.859\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\My Documents\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\My Documents\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll (file missing)
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Compaq\eakdrv\STARTDRV.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\MYDOCU~1\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\MYDOCU~1\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1132832078890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132832059296
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DFCFAD-8CA7-46DD-A586-4E115138D625}: Domain = nsw.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
xiktpqx is offline  
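Added example, not part of the thread or of any tool mentioned in it: a small Python triage script run over a handful of lines copied from the Kaspersky report above. It groups detections by where the object lives, because that is what decides the cleanup step: objects under `System Volume Information\_restore` are copies held in old System Restore snapshots, objects under `RECYCLER` sit in a drive's Recycle Bin, and anything else is a file in an active location. The location labels, the `family()` split and the summary layout are my own choices, not the scanner's.

```python
import re
from collections import Counter

# Line format of the Kaspersky On-line Scanner report posted above:
#   <object path> Infected: <detection name> <last action>
# Paths contain spaces, so match the path non-greedily up to " Infected: ".
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")

# Constructed sample: the header line plus a few object lines copied from the
# report above (the full report lists 162 such objects), and a trailer line
# that the parser must ignore.
SAMPLE_REPORT = [
    "Infected Object Name / Virus Name / Last Action",
    r"C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051162.exe Infected: not-a-virus:AdWare.Win32.Lop.ad skipped",
    r"C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051163.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped",
    r"C:\System Volume Information\_restore{9AF386A9-4901-4D13-BB61-E930791F3942}\RP104\A0051536.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped",
    r"C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ay skipped",
    r"F:\RECYCLER\S-1-5-21-1975344075-1274885478-237469328-500\Dc4\InstFile\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped",
    "Scan process completed.",
]


def parse_report(lines):
    """Return (path, detection name, action) tuples; lines that are not object lines are skipped."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name"), m.group("action")))
    return hits


def classify_location(path):
    """Map an object path to the place it lives, which decides how it gets cleaned up."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"  # System Restore snapshot: cleared by turning System Restore off and on
    if "\\recycler\\" in p:
        return "recycle-bin"    # deleted but not purged: empty the Recycle Bin on that drive
    return "live"               # active location: the file itself must be removed


def family(name):
    """'Trojan-Downloader.Win32.Swizzor.de' -> 'Trojan-Downloader',
    'not-a-virus:AdWare.Win32.Lop.ad' -> 'not-a-virus:AdWare'."""
    return name.split(".", 1)[0]


def summarize(lines):
    """Tally detections by location and family and list what needs direct action."""
    hits = parse_report(lines)
    by_location = Counter(classify_location(p) for p, _, _ in hits)
    by_family = Counter(family(n) for _, n, _ in hits)
    live = [p for p, _, _ in hits if classify_location(p) == "live"]
    bins = sorted({p[0].upper() for p, _, _ in hits if classify_location(p) == "recycle-bin"})
    return {
        "total": len(hits),
        "by_location": dict(by_location),
        "by_family": dict(by_family),
        "live_objects": live,          # files to delete (or quarantine) by hand
        "recycle_bin_drives": bins,    # drives whose Recycle Bin should be emptied
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['total']} infected objects")
    for where, n in sorted(s["by_location"].items()):
        print(f"  {where:<14}{n}")
    print("live objects:", s["live_objects"])
    print("empty Recycle Bin on drives:", s["recycle_bin_drives"])
```

Run against the full report, the split is the same as in the sample: nearly every hit is a restore-point copy, the three RECYCLER hits are on F:, and the one live object is `C:\WINDOWS\system32\o`, which matches the three cleanup steps in the reply that follows (delete the live file, empty the Recycle Bin on F, then cycle System Restore to drop the snapshots).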
Old 02-25-2006, 06:11 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


OK, those folders are LOP also...you've had this infection for quite some time, according to the creation dates and the number of files created.

Please delete these files/folders if present:

C:\Documents and Settings\All Users\Application Data\creative bind settings 4
C:\Documents and Settings\Chris Robb\Application Data\one settings tray
C:\WINDOWS\system32\o


If they resist deletion, boot to safe mode and delete from there.

Be sure to empty the Recycle Bin on F drive as well.

Run CleanUp again, using the same settings as before.

Other than that, your logs appear clean.

Well done! Any more issues? If not, you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis, just as you would with antivirus software, in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    Here are two very good free Antivirus products which are available:
  • Avast!
  • AVG

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles


Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
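As an added example (not part of tetonbob's post, and not the MVPS list itself) of how the HOSTS-file block described above actually works, and why the same file deserves a look during a cleanup: the script below parses a constructed HOSTS file, answers lookups the way the resolver does (first match wins; names not in the file fall through to DNS), and separates blackhole entries that point at 127.0.0.1 or 0.0.0.0 from entries that send a name to some other address. The latter is the pattern a hijacker uses to divert antivirus update or search sites, and it is what HijackThis reports under its O1 (Hosts file redirection) heading. Every domain and address in the sample is made up for this example.

```python
"""Added example: how a HOSTS-file blocklist works, and how to spot HOSTS
entries that look like a hijack rather than ad-blocking.

The sample file below is constructed for this example; it is not the MVPS
list. On Windows XP the real file lives at
C:\\WINDOWS\\system32\\drivers\\etc\\hosts.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample HOSTS file (domains and addresses are made up).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost

# Blocklist-style entries (the MVPS form): the hostname resolves to the
# local machine, so the browser never reaches the ad server.
127.0.0.1  ads.example-adserver.test
127.0.0.1  tracker.example-metrics.test   # inline comment
0.0.0.0    banners.example-cdn.test

# Hijack-style entries: a legitimate site pointed at a foreign address, so
# antivirus updates or searches would silently go elsewhere.
203.0.113.45   www.antivirus-vendor.test   liveupdate.antivirus-vendor.test
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Parse HOSTS-file text into (ip, [hostnames]) pairs, one per data line.

    Comments (# to end of line) and blank lines are ignored. A line whose
    first field is not a valid IP address is skipped rather than raising.
    """
    entries: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        names = [n.lower() for n in fields[1:]]
        if names:
            entries.append((ip, names))
    return entries


def build_lookup(entries: List[Tuple[str, List[str]]]) -> Dict[str, str]:
    """Hostname -> IP map; the first entry for a name wins, as in the resolver."""
    table: Dict[str, str] = {}
    for ip, names in entries:
        for name in names:
            table.setdefault(name, ip)
    return table


def resolve(table: Dict[str, str], hostname: str) -> Optional[str]:
    """The HOSTS-file answer for hostname, or None when DNS would be consulted."""
    return table.get(hostname.lower())


def hijack_candidates(entries: List[Tuple[str, List[str]]]) -> List[Tuple[str, str]]:
    """Entries that send a name somewhere other than a blackhole address.

    Loopback (127.x) and the unspecified address (0.0.0.0) are the ad-blocking
    pattern and also cover the stock 'localhost' line, so they are excluded.
    Anything else is the kind of line HijackThis lists as an O1 redirect.
    """
    found: List[Tuple[str, str]] = []
    for ip, names in entries:
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue
        found.extend((name, ip) for name in names)
    return found


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    table = build_lookup(entries)
    for host in ("ads.example-adserver.test", "www.antivirus-vendor.test", "www.example.test"):
        print(f"{host:34} -> {resolve(table, host) or 'not in HOSTS, DNS is used'}")
    for name, ip in hijack_candidates(entries):
        print(f"O1-style redirect: {name} -> {ip}")
```

Run it against the real file by reading it in place of `SAMPLE_HOSTS`; on the MVPS file every non-comment line should land in the blackhole group, so anything `hijack_candidates` returns is worth checking by hand.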
Old 02-25-2006, 06:40 PM   #7 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win Xp


Thank you so much for the help, I am having no trouble with popups and my connection is running so much better. Where do I find the F drive Recycle Bin?
Regards, Chris
Old 02-25-2006, 07:07 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home


Hi Chris -

I thought you had a multi-boot system. What's your F drive for, storage?

Just emptying the Recycle Bin once again should clear those last finds.
Old 02-25-2006, 08:50 PM   #9 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 6
OS: Win Xp


Yeah, it's just a storage HDD. Thanks for all the help. Take care, Chris
All times are GMT -7.
Copyright 2001 - 2009, Tech Support Forum