Tech Support Forum banner
Status
Not open for further replies.
21 - 40 of 51 Posts

·
Registered
Joined
·
73 Posts
Discussion Starter · #21 ·
Uninstall List:
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5
AIM Toolbar
AOL Instant Messenger
ASAP Utilities
Avance AC'97 Audio
AVG Anti-Spyware 7.5
Belarc Advisor 6.1
BigFix
Canon i550
CleanUp!
CompuServe
Concord EyeQ Duo 2000 Digital Camera
Concord EyeQ Duo 2000 Memory Browser TWAIN Driver V1.00
Conexant SoftK56 Modem(M)
DataPilot USB Driver Pack
eTrust EZ Antivirus
Excel Utilities 1.5
Excel VBA Code Cleaner 4.4
Excel VBA Code Documentor 4.0
Google Earth
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ICQ
Intel(R) Extreme Graphics Driver Software
iPod for Windows 2005-10-12
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Media Access
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Sounds
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (1.0.7)
MSXML 4.0 SP2 (KB927978)
Multimedia Keyboard Driver Ver1.0 (KB-0108)
Nokia Connectivity Cable Driver
Nokia PC Suite
PAL Spyware Remover 1.1
PowerDVD
QuickTime
RealPlayer Basic
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Software Update Manager
Software Update Manager
Spybot - Search & Destroy 1.3
Uninstall Broadxent DSI Modem
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB FTDI Driver
USB Universal Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows SR 2.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WSEM Update
XY Chart Labeler 6.22


C:\ ProgramFiles\Grisoft\AVGAnti-Spyware7.5\Reports -- No contents

The AVG error message I think I closed.
 

·
Registered
Joined
·
73 Posts
Discussion Starter · #23 ·
Logfile of HijackThis v1.99.1
Scan saved at 2:17:51 PM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\essspk.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\HiJackThis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
 

·
Registered
Joined
·
2,335 Posts
REGISTRY FIX

Download the attached deevy.zip file at the bottom of this post to your desktop. Double click on the zip folder,
then double click on the .reg file within.
Click yes to allow it to merge into your registry.

Also, after the reg fix, please try and run AVG in the Safe Mode again. If it won't run in Safe, try Normal Mode and post the results.



Please update me on your system's] behavior
 

Attachments

·
Registered
Joined
·
73 Posts
Discussion Starter · #25 · (Edited)
more info

Okay I did the merge. Was able to do the AVG run in normal mode. Here is the report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:37:35 PM 1/5/2007

+ Scan result:



HKLM\SOFTWARE\180solutions -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\system32\apuc.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\eXactUtil -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj\CLSID -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj\CurVer -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj\CLSID -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj\CurVer -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj\CLSID -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj\CurVer -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\BTGrab -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\MxTarget -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\ZServ -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\mxTarget.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\preInsTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\twaintec.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinadX.Installer -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinadX.Installer\CLSID -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Program Files\Lycos\Sidesearch\ClrSchUninstall_78_86.exe -> Adware.ClearSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wbho.Band -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wbho.Band.1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\HiJackThis\backups\backup-20061231-200405-543.inf -> Adware.MediaTickets : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\Other Security Applications -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\PopupE.ico -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\Quarantine -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\Reports -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\Reports\2004-6-1853729.94.log -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\Reports\2004-6-1941753.33.log -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\Reports\2004-7-534902.67.log -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\Reports\2004-7-980193.78.log -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\ee.ico -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\ee.url -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\klp.ico -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\klp.url -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\pct.ico -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\pct.url -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\popupe.url -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\psapi.dll -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\ref.dat -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\spyrem.exe -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\spyrem.url -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\spyremhlp.url -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\spyremreg.url -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\unins000.dat -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\PAL SPYREM\unins000.exe -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PAL Spyware Remover_is1 -> Adware.PALSpywareRemover : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP840\A0088505.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA Software Installer -> Adware.SafeSurfing : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Software Installer -> Adware.SafeSurfing : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll -> Adware.Sidesearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00000000-F09C-02B4-6EC2-AD0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
HKU\S-1-5-21-3875968321-248529733-3075035829-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
C:\Program Files\Web_Rebates -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\Web_Rebates\Da1150 -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\Web_Rebates\Da1150\1150sh.dat -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\Web_Rebates\Sy1150 -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\Web_Rebates\Sy1150\Images -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\Winad Client\ClientCom.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Winad Client\WinClt.exe -> Adware.WinAD : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Media Access -> Adware.WinAD : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access -> Adware.WinAD : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom -> Dialer.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom\CurVer -> Dialer.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\wsem302.dll -> Downloader.Dyfuca.dc : Cleaned with backup (quarantined).
C:\HiJackThis\backups\backup-20061231-200404-957.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dνdplay.exe -> Downloader.PurityScan.n : Cleaned with backup (quarantined).
C:\WINDOWS\UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP841\A0088558.dll -> Hijacker.Delf.r : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dawn Deevy\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dawn Deevy\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.179:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.180:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.160:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.161:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.30:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.172:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.173:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.191:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.45:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.46:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.53:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.54:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.55:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.56:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.57:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.14:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.72:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.197:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.55:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.56:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.27:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.28:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.29:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.115:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.63:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.64:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.23:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.24:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.25:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.61:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.62:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.63:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.64:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.65:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.66:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Dawn Deevy\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.124:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.125:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.171:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.136:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.141:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.142:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.143:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.144:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.146:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.164:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.165:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.166:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.167:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.168:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Profiles\dawnnet\ieup0uj8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.60:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.61:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.62:C:\Documents and Settings\Dawn Deevy\Application Data\Mozilla\Firefox\Profiles\q07ec3oc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\HiJackThis\backups\backup-20061231-200405-254.dll -> Trojan.Dialer.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP840\A0088506.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Anotherweird thing I just noticed that there are a couple of word docs http://www.techsupportforum.com/images/icons/icon_exclaim.gif
Exclamation on my desktop that are similiar to word docs I have in my documents- That just appeared!
such as -- ~$dyMacbeth.txt When I open it this is what it looks like-

DD D D U n k n o w n

It didn't actualy copy correctly there are lots of little boxes between the words.
Thanks again for your tireless help.

There are a few of these on my desktop and upon going into my documents am finding more?????
 

·
Registered
Joined
·
2,335 Posts
If you read through the AVG log, you will see all the hidden junk which was not brought out by HJT (which does not see everything).
This is why I really wanted that scan. The txt files should not be malware but if you can let me know what the files are, I'll look them over.
Please follow these next steps and let me know how your system is behaving.


----------------------------------------



CLEAR AVG A/S QUARANTINE

  • Launch AVG A/S
  • Click on Show Quarantine
  • Click on Select All
  • Click on Remove Finally
  • Close AVG A/S



Clear Firefox' Cookies

  • Open Firefox.
  • Click Tools » Options.
  • Click the Privacy tab, then the Cookies tab.
  • Click the Clear Cookies Now button.
  • Then click OK to exit.



Clean Temporary Files

  • Go to Start » Run » type: cleanmgr » OK.
  • Choose (C:) and then click OK.
  • Make sure these are the only ones that are checked :
    • Temporary Internet Files
    • Temporary Files
    • Recycle Bin
  • Click OK to remove them.
  • Click Yes to confirm the deletion.
 

·
Registered
Joined
·
73 Posts
Discussion Starter · #27 ·
Done
done
done.
The files:
~$dyMacbeth.txt I open and get boxes.

~$words.wps-This one when I tried to open says "word cannot start the converter Works 532.cnv. I click okay then a popup says " word cannot start the converter WORKS332.snv >okay> works432.cnv>click okay>532.cnv. again>then I click okay> WORKS332.snv comes again>I click okay> works432.cnv again afew more times same messages then a popup comes that says- FILE CONVERSION--$words.wps Select the encoding that makes your readable. Text encoding: gives me options of windows default; MS-DOS; and other encoding which is checked Japanese (shift-JIS)
 

·
Registered
Joined
·
2,335 Posts

This sounds like a MS Office file either missing or corrupted. I would like you to post this info in the Microsoft Office Support forum.
The folks there can give you better support than I can. Please let them know your system was cleaned in the HJT forum.

Your logs are now clean. Please complete the next "housekeeping" steps and read through the information below.


----------------------------------------

Windows XP - Reset Hidden Files


  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

----------------------------------------

Clean-out and Reset System Restore

This will clean out any junk or malicious files left behind in System Restore

  • To turn off System Restore click Start > Right Click My Computer > Properties.
  • Click the System Restore tab and Check
  • "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply.
  • When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

  • Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties.
  • Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
  • Click Apply, and then OK.

This will create a new Restore Point.

----------------------------------------

RE-ENABLE ANTI-SPYWARE APPLICATIONS

If you were instructed to dis-able Anti-spyware applications during this fix, you may re-enable them

----------------------------------------

Please read through the following information to help protect your computer in the future.


KEEP YOUR OPERATING SYSTEM UPDATED

Please ensure that you have already patched your system against the recent WMF exploit. Go to this page to get the KB912919 patch

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser
up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft
and download all the critical updates to help prevent possible re-infection.


ENABLE WINDOWS AUTO UPDATE

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".


ENABLE WINDOWS AUTO UPDATE

From within Internet Explorer click on the Tools menu and then click on Internet Options.
  • Select the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Select Custom Level .
      • Change 'Download signed ActiveX controls' to Prompt
      • Change 'Download unsigned ActiveX controls' to Disable
      • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
      • Change 'Installation of desktop items' to Prompt
      • Change 'Launching programs and files in an IFRAME' to Prompt
      • Change 'Navigate sub-frames across different domains' to Prompt
      • When all these changes have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Select OK to exit the Internet Properties page.



TOOLS TO HELP KEEP YOUR SYSTEM CLEAN

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
  • After you have updated, click the button - enable protection for all unprotected items


SpywareGuard to catch and block spyware before it can execute.


SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its
TeaTimer option.
This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with
the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here


AD-AWARE Download and install Ad-Aware. You should use this program to scan
your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product
can be found here


IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list.
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain

A tutorial for IE-SPYAD can be found here


MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file
with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to
those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
  • Click Next, click Next, select the option:
    "Show Extracted files"
  • Click Finish

This will open the newly created hosts folder on your Desktop.

Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated
HOSTS file to the correct location on your machine.


MCAFEE SITE ADVISOR SITE ADVISOR is a free IE plug-in (also suport for Firefox browser)
which is used in conjunction with the Google search engine. It advises which web sites are considered safe and which sites could pose a problem.
It also shows what problems were encountered with each site, such as malicious downloads, spam, and related links.


ANTI-VIRUS AND FIREWALL PROGRAMS


ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial

Here are some very good free Antivirus products which are available:




If you do not have a firewall, here are 4 free ones available for personal use:

Understanding and Using Firewalls



INFORMATIONAL READING


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:




Please respond one more time and let me know you received this post.



If you feel that we have helped you, please help us keep this site free for all. Please visit our DONATION PAGE.
 

·
Registered
Joined
·
73 Posts
Discussion Starter · #29 ·
Hi, When I got to the KB912919 path, it was recommended that I back up my system before installing, which I attempted and got a window saying:
Backup Status
Operation: Backup
Active backup destination: File
Media name: "Backup.bkf created 1/6/2007 at 4:58 PM"

Backup Status
The files for the recovery diskette could not be created. The operation was aborted.

----------------------

The operation did not successfully complete.
Once again am on hold.
 

·
Registered
Joined
·
2,335 Posts
This looks like an XP issue. Please post in the XP Support forum as it does not appear to be malware related.
Since I deal mainly with malware removal, those folks can give you better support.
 

·
Registered
Joined
·
73 Posts
Discussion Starter · #31 ·
Okay I wrote to them asking what to do next- Should I continue with your fix ( I have the software install window open- waiting for a reply)or wait?
 

·
Registered
Joined
·
73 Posts
Discussion Starter · #32 ·
By the way that issue with the strange docs was resolved after I did the reset of hidden files
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello Deevy,

I'll just step in for a second as fred is not online at the moment and you have the download/install of that security patch open and waiting.

You may just cancel that download--you already have that patch installed. Please refer to your list of Add/Remove programs Security Update for Windows XP (KB912919) :smile:

As long as you follow fred's instructions on enabling Windows Automatic Updates, you'll always be up to date on the Critical System Updates. :sayyes:
 

·
Registered
Joined
·
73 Posts
Discussion Starter · #34 ·
Great. I wondered, as windows update has been enabled. I went through and performed other actions- added spyware blaster;already had spybot- ran it;Ad-adware would not download-IE-Spyay I downloaded, however there is no install.bat in the the folder....
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Where did you unzip the files to? What is in the folder you are looking in?
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Ok, open that folder and tell me what you do see inside it.
 

·
Registered
Joined
·
73 Posts
Discussion Starter · #38 ·
There are Three folders:
Adult within that are adult reg. files;adult-not;adult uninstall
Next a file that says Old; inside-uninstall-note
Third file-Choice it's contents are ms -dos application other just says choice
-Copying File
ie-ads rgistration entries
ie-ads-uninstall (reg entries)
install MS_DOS Batch File Which I can open and I get a window with a list of 5 options (uninstall;Install;Remove Old Porn; Add old Porn & Exit ) It asks what I want to do....... NOW IT SEEMS TO BE LETTING ME IN!!!!! It did not before I swear!!!
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
As fred's instructions explained, IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list.

This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

Do select Option 4. It is not putting old porn sites onto your system--it is placing them in the restricted list.
 
21 - 40 of 51 Posts
Status
Not open for further replies.
Top