Could someone look this over and tell me if anything is bad (besides WeatherBug, I'll let him know to take it off)?

Logfile of HijackThis v1.99.1
Scan saved at 4:41:09 AM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Others\Desktop\kevin\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\PornPass Manager\isaddon.dll (file missing)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: TVEngine Helper - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - (no file)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\PornPass Manager\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159315941984
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

The main problem is a little question mark/blue circle with yellow X (flashes back and forth) in the taskbar, and it pops up a balloon that says he has viruses and click here for everything you need to remove, but it opens IE and a lot of tabs. I've already scanned with AVG Free, and got rid of a trojan and trojan downloader.

Thanks,
kevin
Looks like some of the Zlob has been removed, but one file still remains in the HjT log so I'm sure it has hit the System Restore.

Turn off System Restore. Right-click My Computer > Properties > System Restore tab > check "Turn off System Restore". Click Apply then OK. Please do not turn it back on until we know the machine is clean.

Go to Add/Remove Programs and uninstall Hotbar if it is listed.

Go here to download the trial version of AVG Anti-spyware. Install and open AVGAS. Click "Update" then click "Start update". After updating, close AVGAS.

Note: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.

Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter). Open AVGAS and click "Scanner". Click "Complete System Scan". When it finishes scanning, set all items to "Quarantine". Click "Apply All Actions". Click "Save Report" and save it to the desktop. Restart in normal mode.

Download SmitfraudFix.zip to the desktop from here
* Extract the files to the desktop.
* Open the newly created folder SmitfraudFix.
* Double-click smitfraudfix.cmd
* Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Please do not run other options unless requested.

Run a scan only with HijackThis, check these (if there):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Ser...omeLeftPane.htm
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\PornPass Manager\isaddon.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - (no file)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\PornPass Manager\iesplugin.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll

Close all windows except HijackThis, then click "Fix checked".

Please post back with the AVGAS report, the contents of rapport.txt and a new HijackThis log.
Niobis- AVGAS- --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 2:25:21 AM 11/7/2006 + Scan result: C:\Program Files\AntiVermins -> Adware.AntiVermins : No action taken. C:\Program Files\AntiVermins\AntiVermins.exe -> Adware.AntiVermins : No action taken. C:\Program Files\AntiVermins\av.ini -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{0BE87CAF-1C8E-43C7-A476-5AF1A2F5A43F} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{0CD726EC-F1F5-4210-9011-EE6B5332A279} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{1EFD4366-6676-4AF7-A88A-872A49E2601D} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{3B3FA480-138E-47E6-B79A-9A0F7B2846D5} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{3E186CE2-1ABB-45D6-A4B9-4FCD11FBB014} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{4AF8E04F-0D5E-4C3F-BA67-81B685584C12} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{6C80C5B2-4748-411C-8120-09426F8ED212} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{748C9204-6C92-485B-8BF8-3AF7ECF03CDE} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{C27D97E9-004B-4F4F-A5B0-B7188DDAE024} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{C3176A2C-3119-4F7F-B847-62B5EE6763E5} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{CAC16E1A-D86B-428A-BB7B-65F2D2BFC160} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{DD369501-EDE4-4E99-8728-7C9E4BBE6BE8} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{EAC1ACCD-7790-4991-A9D2-550806D6D9C3} -> Adware.AntiVermins : No action taken. 
HKLM\SOFTWARE\Classes\Interface\{EF2AA606-B72E-4A1B-B076-8B148661F3B7} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\Interface\{F9476885-40EB-4405-878A-193BAF18CE9B} -> Adware.AntiVermins : No action taken. HKLM\SOFTWARE\Classes\TypeLib\{13693777-5B9D-4AFC-99F1-650F569A0EB0} -> Adware.AntiVermins : No action taken. C:\Program Files\AntivirusGolden -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\AntivirusGolden.exe -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\DbgHelp.Dll -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10232006-145727.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10232006-214215.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10232006-234546.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10242006-011810.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10242006-070045.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10242006-130811.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10242006-214810.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10252006-012215.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10252006-112635.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10252006-132358.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10252006-210238.html -> Adware.AntiVirusGolden : No action taken. 
C:\Program Files\AntivirusGolden\Logs\scan_log_10262006-000833.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10262006-014430.html -> Adware.AntiVirusGolden : No action taken. C:\Program Files\AntivirusGolden\Logs\scan_log_10262006-015105.html -> Adware.AntiVirusGolden : No action taken. HKLM\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{125494B2-ACAD-414c-98B9-452F3EF7703A} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{20A3D913-30EF-4e69-B3F7-93B3F1FB9D5C} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{3D00A39C-655B-428b-AEB2-2FBA03DCC49C} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{408F660A-9465-44a3-B557-8709DFD992BC} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{5F6BBD8A-18CF-4d55-8B4C-C9B4C9328DFE} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{8C56B6CE-C53F-44c4-9BDC-A9BC1711D05A} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{8EE6BF73-B370-4d13-9126-EB0071178F2E} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{97F56E12-C706-4aeb-9FFB-133C05EE5D38} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{9BB7E700-4E48-476d-B75C-6F47606BE988} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{CBCACA58-1AEE-4600-8CF0-E8B30BFF1535} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\CLSID\{D6D64CDF-0363-4261-B723-29A3AF365E1D} -> Adware.Generic : No action taken. 
HKLM\SOFTWARE\Classes\Interface\{27ED4AC2-B6D8-4079-9831-017A100B391E} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{3F6D6C35-FB73-45E6-9473-BB4CC25CE019} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{715D709B-2B10-42FA-A069-297D25D93601} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{872C1B1E-3CF0-4D3A-95E5-A0C662D2854C} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{886B1D08-B404-40F0-AA18-4E416682A2E9} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{8B5F65CF-0B0A-4291-8DA2-86D7F7B0A6DB} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{925B0211-A1C1-4712-8FCA-5F5B8101736D} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{B01E37C4-5497-4D58-9FFD-D5653B8DC866} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{CCAA201C-C48D-48A8-A1E8-846562CBF1C1} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{D483521B-D5CC-43FF-A45A-9BE4A8E6606E} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{ED2AFF47-B7BE-4273-A203-C796E87F72D2} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{F0FA7ED9-5A0A-4374-B63E-BEBAFD52192E} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{F5DEE77C-87EB-4E00-BBF9-8CBF3BDEA7AF} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{FB5DDAB7-6AA5-4E97-9541-5A75ADDF4ABA} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{FDDF521B-0EBE-4D15-838C-73E2D851161B} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\Interface\{FF609434-EB47-481B-BA0E-1D2B467629A5} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Classes\TypeLib\{60F94D7D-563E-4942-B5EC-2DE9C135C139} -> Adware.Generic : No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} -> Adware.Generic : No action taken. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : No action taken. HKU\S-1-5-21-2145235453-1719508511-817114545-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} -> Adware.Generic : No action taken. C:\Documents and Settings\Mary Gerena\Local Settings\Temp\em3588\HbTools.mlpX -> Adware.HotBar : No action taken. C:\Program Files\Hotbar -> Adware.HotBar : No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : No action taken. HKU\S-1-5-21-2145235453-1719508511-817114545-1008\Software\Internet Security -> Adware.IntCodec : No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\contrabandists -> Adware.VirusBurst : No action taken. HKLM\SOFTWARE\Classes\Interface\{0065CDBC-2439-4365-A7E7-BF5B853BF49D} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{19DACF08-A207-4271-AA22-C138F512E787} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{3E37C978-9E24-42FA-B021-B56CAAFDB694} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{4130008C-5697-4EF5-9EDE-EF8F9F10D524} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{4F4A0564-17DE-4EB2-B29E-6D2E167A3BE0} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{6B067ED9-4AEC-474E-B67E-85EF417D68BA} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{9188A88D-3D41-4EB6-A7D8-0F6A5266F685} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{B660CDE9-526E-41FE-AB41-773D78BEE31E} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{B6A0AA8A-7CB1-44F0-ACE7-7A69739C8674} -> Adware.VirusBurster : No action taken. 
HKLM\SOFTWARE\Classes\Interface\{BF8A0E53-F417-413A-B849-B5C0086EEF8A} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{C36464A1-2D2F-4804-AAF6-F5BD62536ADB} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{CA74BAFC-1F0C-49B1-8A76-5D55085E71FB} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{D0722752-35B5-44E1-A14A-E2A44C41F509} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{EE2EAC90-8B01-49D4-B46C-8E02BDA1F3B4} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{F7F932D6-A6BE-4273-9950-ECBD72170DBF} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\Interface\{FD34EB96-89FA-43CC-9C37-D1D5B099D28F} -> Adware.VirusBurster : No action taken. HKLM\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108} -> Adware.VirusBurster : No action taken. C:\WINDOWS\system32\okkmtv.dll -> Not-A-Virus.Hoax.Win32.Renos.gb : No action taken. [852] C:\WINDOWS\system32\okkmtv.dll -> Not-A-Virus.Hoax.Win32.Renos.gb : No action taken.
C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@perf.overture[1].txt -> TrackingCookie.Overture : No action taken. C:\Documents and Settings\Others\Cookies\others@overture[2].txt -> TrackingCookie.Overture : No action taken. C:\Documents and Settings\Others\Cookies\others@perf.overture[1].txt -> TrackingCookie.Overture : No action taken. C:\Documents and Settings\Others\Cookies\others@paycounter[1].txt -> TrackingCookie.Paycounter : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken. C:\Documents and Settings\Others\Cookies\others@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken. C:\Documents and Settings\Others\Cookies\others@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken. C:\Documents and Settings\Others\Cookies\others@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken. C:\Documents and Settings\Others\Cookies\others@revenue[2].txt -> TrackingCookie.Revenue : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken. C:\Documents and Settings\Others\Cookies\others@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : No action taken. 
C:\Documents and Settings\Others\Cookies\others@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter12.sextracker[2].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : No action taken. C:\Documents and Settings\Others\Cookies\others@sextracker[2].txt -> TrackingCookie.Sextracker : No action taken. 
C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken. C:\Documents and Settings\Others\Cookies\others@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken. C:\Documents and Settings\Others\Cookies\others@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken. C:\Documents and Settings\Others\Cookies\others@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken. C:\Documents and Settings\Others\Cookies\others@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken. C:\Documents and Settings\Others\Cookies\others@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken. C:\Documents and Settings\Others\Cookies\others@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken. C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@clickthrough.wegcash[2].txt -> TrackingCookie.Wegcash : No action taken. 
C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@free.wegcash[2].txt -> TrackingCookie.Wegcash : No action taken.
C:\Documents and Settings\Others\Cookies\others@clickthrough.wegcash[1].txt -> TrackingCookie.Wegcash : No action taken.
C:\Documents and Settings\Others\Cookies\others@programs.wegcash[2].txt -> TrackingCookie.Wegcash : No action taken.
C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Others\Cookies\others@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Mary Gerena\Cookies\mary_gerena@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Others\Cookies\others@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
::Report end

rapport.txt:

SmitFraudFix v2.119
Scan done at 2:34:55.78, Tue 11/07/2006
Run from C:\Documents and Settings\Others\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Others
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Others\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Others\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\PowerCodec\ FOUND !
C:\Program Files\TrueCodec\ FOUND !
C:\Program Files\VideoCompressionCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

and HJT:

Logfile of HijackThis v1.99.1
Scan saved at 2:42:33 AM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Others\Desktop\kevin\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: TVEngine Helper - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159315941984
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks a lot, the pop-up balloon is gone; I'm defragging right now. His main complaint was it being slow, but it is only a 1.7GHz notebook (Dell Inspiron B130), but please let me know if you see anything else.
Thanks,
~Kevin

Popups will come back. You didn't set items found to Quarantine. But first, run option 2 in SmitfraudFix.

Note: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.

* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Open the SmitfraudFix folder.
* Double-click smitfraudfix.cmd
* Select 2 and hit Enter to delete infected files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Exit SmitfraudFix and run AVGAS again. When it finishes scanning, set all items to "Quarantine". Click "Apply All Actions". Click "Save Report" and save it to the desktop.

Please post back with the contents of rapport.txt and the AVGAS report.

I think I saved the report before I quarantined the items, but I'll scan again, and the popup I was talking about was this: but it's gone now. I'll post back when I get done with the other you told me.
~Kevin

OK, I did quarantine the items before I saved the report; it now says no threats found.

avgas:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:40:03 AM 11/8/2006
+ Scan result: Nothing found.
::Report end

rapport:

SmitFraudFix v2.119
Scan done at 0:15:18.70, Wed 11/08/2006
Run from C:\Documents and Settings\Others\Desktop\kevin\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\PowerCodec\ Deleted
C:\Program Files\TrueCodec\ Deleted
C:\Program Files\VideoCompressionCodec\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

and here's a fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:43:41 AM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Others\Desktop\kevin\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: TVEngine Helper - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159315941984
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc.
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe thanks ~Kevin
Did you tell me to download something called vcleaner? I have it in one of my folders and remember something about having to rename it to "something.exe" to keep something from seeing it or something. Don't think I have run it, but don't remember. Thanks, Kevin. EDIT: N/M, figured it out: http://www.grisoft.com/doc/112/lng/us/tpl/tpl01
Okay, good. I was just going by the log you posted. Didn't think you had quarantined anything. Log looks good now. Delete the AVAS quarantined items. Open AVGAS, click Infections. Select all and click Remove finally. Java is out of date. Go here and download Java Runtime Environment 5.0 Update 9. Go to Start > Control Panel > Add/Remove Programs. Uninstall all previous versions and updates of JRE. Restart and install Update 9. Turn System Restore back on and create a new restore point. Should be fine now.
Thanks a lot. I'll let my friend know it's all good. Mind helping me make sure mine is all good? HJT:

Logfile of HijackThis v1.99.1
Scan saved at 1:07:44 AM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\kevin\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158031237359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158035128625
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again, Kevin
Hi Niobis, I have tried the method you taught Kevin for fixing the virus, which I apparently got into my system. However, after cleaning my Windows registry I didn't get a message prompting me to fix the registry. My system slows down a lot after the fixing. Is there a problem? I didn't install the updated Java.
Hi, logfile as follows:

Logfile of HijackThis v1.99.1
Scan saved at 1:51:06 AM, on 11/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vincent\Local Settings\Temporary Internet Files\Content.IE5\KJ3FE01D\HijackThis_v1.99.1[1].exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe"
O4 - HKLM\..\Run: [DisableWinXPWZCS] "C:\Program Files\Atheros\DisableWinXPWZCS.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Log is clean, just some minor cleanup. HijackThis is running from a temp folder, meaning if you fix something a backup will not be created. Move HijackThis.exe from here to a permanent folder:
C:\Documents and Settings\Vincent\Local Settings\Temporary Internet Files\Content.IE5\KJ3FE01D\HijackThis_v1.99.1[1].exe
Then, run a scan only with HjT and fix this:
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
Also, please tell me what you 'cleaned' from the registry.
Well, if you ran SmitfraudFix it should have removed all the registry keys belonging to Zlob (QualityCodec in your case). No need to remove any keys manually unless you had to delete the dll manually. Do you remember what key/s you deleted? And didn't you make a backup of the registry before removing things? Also, let's see if anything remains. Go here to run Kaspersky Online Scanner. After downloading, click "My Computer" to scan. After scanning, click "Save report as". Save as a text file on the desktop. Post the log in your next reply.
Hi Niobis, Log report as follows. i did not do a backup. is there any free software to fix registry keys? Thanks, Scan Statistics Total number of scanned objects 42940 Number of viruses found 0 Number of infected objects 0 / 0 Number of suspicious objects 0 Duration of the scan process 00:54:16 Scan process completed.
Looks good. Your computer is clean. Number 1 rule when inside the registry: Always make a backup before deleting anything. To make a backup in Registry Edit, click File > Export and save the .reg file somewhere. Personally, I use CCleaner's Issues Fix and Registry Mechanic to clean keys. CCleaner is free, but Registry Mechanic is not. CCleaner will also clean cookies and temp files. I recommend you download and use it often. There's a link posted here by evilh0ly that will allow you to get Registry Mechanic 5.0 for free. Although 6.0 is now out, 5.0 is still worth free. But with a few keywords and use of Google, I'm sure you can find that 6.0 can also be free. Registry Mechanic also has a nice feature to 'Optimize' your registry which will introduce some tweaks into the registry to make your computer run a bit faster. Good luck!
Thanks. Do I need to upgrade my Java? I find that sometimes my internet pages get uploaded quite slowly.
Not sure what update or version of Java you have because it's not in the HjT log. Update 9 is out now, so if you don't have version 5.0 update 9, yes, you need to update.