narrow88

  1. I'm not sure. If anything, I'll post another reply here. Thanks
  2. I've attached a screen shot of the infection. here's ewido report

     here's a spysweeper log
  3. Previously i had a problem with ismon and ishost but recently my virus scanner detected winmfu32.
  4. panda scan report:

     new hijackthis:
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows 
Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123526000203 O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab O16 - DPF: {88285C6E-AE89-4A3F-97E6-A749783D3543} - http://www.rogershelp.com/yahoo/downloads/...kfix/fraOCF.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab? O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: YPCService - Yahoo! Inc. 
- C:\WINDOWS\system32\YPCSER~1.EXE smitfraud: SmitFraudFix v2.74 Scan done at 17:24:53.53, Thu 07/20/2006 Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\ishost.exe Deleted C:\WINDOWS\system32\ismon.exe Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End thanks for helping out
  5. here is hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 12:33:22 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\{8C0E9678-096B-1033-1019-050509210001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Compaq_Owner\Desktop\myIcon\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tvokids.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123526000203
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {88285C6E-AE89-4A3F-97E6-A749783D3543} - http://www.rogershelp.com/yahoo/downloads/...kfix/fraOCF.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

here is adaware log

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, July 20, 2006 12:09:03 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R115 18.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):23 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

7-20-2006 12:09:03 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Compaq_Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\Compaq_Owner\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-46136632-902815109-3595838985-1009\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 592
ThreadCreationTime : 7-20-2006 4:01:35 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 7-20-2006 4:01:39 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 7-20-2006 4:01:44 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 7-20-2006 4:01:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 7-20-2006 4:01:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 7-20-2006 4:01:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 964
ThreadCreationTime : 7-20-2006 4:01:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1044
ThreadCreationTime : 7-20-2006 4:01:54 PM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 7-20-2006 4:01:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 7-20-2006 4:01:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1272
ThreadCreationTime : 7-20-2006 4:01:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1616
ThreadCreationTime : 7-20-2006 4:02:02 PM
BasePriority : Normal
FileVersion : 9.0.1.1000
ProductVersion : 9.0.1.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe #:13 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1664 ThreadCreationTime : 7-20-2006 4:02:03 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:14 [rtvscan.exe] FilePath : C:\Program Files\Symantec AntiVirus\ ProcessID : 1740 ThreadCreationTime : 7-20-2006 4:02:04 PM BasePriority : Normal FileVersion : 9.0.1.1000 ProductVersion : 9.0.1.1000 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved. #:15 [vsmon.exe] FilePath : C:\WINDOWS\system32\ZoneLabs\ ProcessID : 1772 ThreadCreationTime : 7-20-2006 4:02:06 PM BasePriority : Normal FileVersion : 6.5.722.000 ProductVersion : 6.5.722.000 ProductName : TrueVector Service CompanyName : Zone Labs, LLC FileDescription : TrueVector Service InternalName : vsmon LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC OriginalFilename : vsmon.exe #:16 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1304 ThreadCreationTime : 7-20-2006 4:02:28 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:17 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1608 ThreadCreationTime : 7-20-2006 4:02:29 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:18 [ishost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2056 ThreadCreationTime : 7-20-2006 4:02:50 PM BasePriority : Normal #:19 [ismon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2136 ThreadCreationTime : 7-20-2006 4:02:51 PM BasePriority : Normal #:20 [hpbootop.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Boot Optimizer\ ProcessID : 2168 ThreadCreationTime : 7-20-2006 4:02:51 PM BasePriority : Normal FileVersion : 2, 0, 5, 0 ProductVersion : 1, 0, 5, 0 ProductName : HPBootOp CompanyName : Hewlett-Packard Company FileDescription : HP Boot Optimizer LegalCopyright : Copyright © 2004 Hewlett-Packard Company Comments : Not user configurable. To remove, use Add or Remove Programs #:21 [alcxmntr.exe] FilePath : C:\WINDOWS\ ProcessID : 2240 ThreadCreationTime : 7-20-2006 4:02:53 PM BasePriority : Normal FileVersion : 1.5 ProductVersion : 1.5 ProductName : Realtek Audio - Event Monitor CompanyName : Realtek Semiconductor Corp. FileDescription : Realtek Audio - Event Monitor InternalName : Alcxmntr LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp. 
OriginalFilename : Alcxmntr.exe #:22 [zlclient.exe] FilePath : C:\Program Files\Zone Labs\ZoneAlarm\ ProcessID : 2304 ThreadCreationTime : 7-20-2006 4:02:56 PM BasePriority : Normal FileVersion : 6.5.722.000 ProductVersion : 6.5.722.000 ProductName : Zone Labs Client CompanyName : Zone Labs, LLC FileDescription : Zone Labs Client InternalName : zlclient LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC OriginalFilename : zlclient.exe #:23 [msascui.exe] FilePath : C:\Program Files\Windows Defender\ ProcessID : 2352 ThreadCreationTime : 7-20-2006 4:02:58 PM BasePriority : Normal FileVersion : 1.1.1347.0 ProductVersion : 1.1.1347.0 ProductName : Windows Defender CompanyName : Microsoft Corporation FileDescription : Windows Defender User Interface InternalName : MSASCUI LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : MSASCUI.exe #:24 [acrotray.exe] FilePath : C:\Program Files\Adobe\Acrobat 7.0\Distillr\ ProcessID : 2428 ThreadCreationTime : 7-20-2006 4:03:00 PM BasePriority : Normal FileVersion : 6.0.1.2004121400 ProductVersion : 6.0.1.2004121400 ProductName : AcroTray - Adobe Acrobat Distiller helper application. CompanyName : Adobe Systems Inc. FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved. OriginalFilename : AcroTray.exe #:25 [cli.exe] FilePath : C:\Program Files\ATI Technologies\ATI.ACE\ ProcessID : 2516 ThreadCreationTime : 7-20-2006 4:03:03 PM BasePriority : Normal #:26 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2536 ThreadCreationTime : 7-20-2006 4:03:06 PM BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : wuauclt.exe #:27 [update.exe] FilePath : C:\Program Files\Common Files\{8C0E9678-096B-1033-1019-050509210001}\ ProcessID : 2572 ThreadCreationTime : 7-20-2006 4:03:08 PM BasePriority : Normal #:28 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2596 ThreadCreationTime : 7-20-2006 4:03:09 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:29 [atirw.exe] FilePath : C:\Program Files\ATI Multimedia\RemCtrl\ ProcessID : 2652 ThreadCreationTime : 7-20-2006 4:03:11 PM BasePriority : Normal FileVersion : 3.02.001 ProductVersion : 3.02 ProductName : ATI Remote Wonder CompanyName : ATI Technologies Inc. FileDescription : ATI Remote Wonder LegalCopyright : Copyright © 2002-2005 ATI Technologies Inc. OriginalFilename : ATIRW.EXE #:30 [atidtct.exe] FilePath : C:\Program Files\ATI Multimedia\main\ ProcessID : 2696 ThreadCreationTime : 7-20-2006 4:03:12 PM BasePriority : Normal FileVersion : 9.14.001 ProductVersion : 9.14 ProductName : ATI Multimedia Center CompanyName : ATI Technologies Inc. FileDescription : ATI Device Detection Application InternalName : AtiDtct LegalCopyright : Copyright © 2005 ATI Technologies Inc. OriginalFilename : AtiDtct.EXE #:31 [atisched.exe] FilePath : C:\Program Files\ATI Multimedia\main\ ProcessID : 2704 ThreadCreationTime : 7-20-2006 4:03:13 PM BasePriority : Normal FileVersion : 9.14.003 ProductVersion : 9.14 ProductName : ATI Multimedia Center CompanyName : ATI Technologies Inc. FileDescription : ATI Scheduler InternalName : ATISCHED LegalCopyright : Copyright © 2001-2005 ATI Technologies Inc. 
OriginalFilename : ATISCHED.EXE #:32 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2860 ThreadCreationTime : 7-20-2006 4:03:24 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : RUNDLL.EXE #:33 [firefox.exe] FilePath : C:\Program Files\Mozilla Firefox\ ProcessID : 3628 ThreadCreationTime : 7-20-2006 4:04:49 PM BasePriority : Normal #:34 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3796 ThreadCreationTime : 7-20-2006 4:05:02 PM BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : wuauclt.exe #:35 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2220 ThreadCreationTime : 7-20-2006 4:08:38 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 23 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:24 Value : Cookie:[email protected]/ Expires : 7-10-2036 10:12:30 AM LastSync : Hits:24 UseCount : 0 Hits : 24 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:[email protected]/ Expires : 7-21-2011 1:26:22 AM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 25 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 25 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 25 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 25 12:30:47 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:21:44.282 Objects scanned:301587 Objects identified:2 Objects ignored:0 New critical objects:2
  6. Thank you Andy, I'll wait about two days of continuous use to see if there is a problem.
  7. i don't think that anything is working. ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, July 02, 2006 11:23:07 PM Operating System: Microsoft Windows XP Professional, (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 3/07/2006 Kaspersky Anti-Virus database records: 204272 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 42669 Number of viruses found: 4 Number of infected objects: 11 / 0 Number of suspicious objects: 0 Duration of the scan process: 00:59:03 Infected Object Name / Virus Name / Last Action C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\SYSTEM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\DEFAULT.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat Object is locked skipped C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped 
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\CSC\00000001 Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\ModemLog_Generic 56K HCF Data Fax Modem.txt Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07CC0000.VBN Infected: Trojan-PSW.Win32.Lineage.gk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07CC0002.VBN Infected: Trojan-PSW.Win32.Lineage.gk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BAC0000.VBN Infected: not-a-virus:AdWare.Win32.BHO.w skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate 
Edition\7.5\Quarantine\0BAC0001.VBN Infected: not-a-virus:AdWare.Win32.BHO.w skipped C:\Documents and Settings\J Choe\ntuser.dat Object is locked skipped C:\Documents and Settings\J Choe\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\J Choe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\J Choe\Desktop\SmitfraudFix\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\Documents and Settings\J Choe\Desktop\SmitfraudFix\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\Documents and Settings\J Choe\Desktop\SmitfraudFix\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\Documents and Settings\J Choe\Desktop\SmitfraudFix\keyfinder.exe RarSFX: infected - 3 skipped C:\Documents and Settings\J Choe\Cookies\index.dat Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Identities\{8E7C0479-EE95-4396-8671-95115447AF18}\Microsoft\Outlook Express\Hotmail - Inbox.dbx/[From [email protected]][Date Sat, 24 Jul 2004 17:33:29 -1000]/UNNAMED/document.pif Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\J Choe\Application Data\Identities\{8E7C0479-EE95-4396-8671-95115447AF18}\Microsoft\Outlook Express\Hotmail - Inbox.dbx/[From [email protected]][Date Sat, 24 Jul 2004 17:33:29 -1000]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\J Choe\Application Data\Identities\{8E7C0479-EE95-4396-8671-95115447AF18}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Mail MS Outlook 5: infected - 2 skipped C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\history.dat 
Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\parent.lock Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cert8.db Object is locked skipped C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\key3.db Object is locked skipped C:\Documents and Settings\J Choe\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and 
Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped Scan process completed. I repaired Symantec AntiVirus. Thank you for your patience.
  8. Thanks for the new Java links, they worked. As for the vundofix, it will not reload.
  9. I can't seem to find the Java versions that I need. I'm going to purchase WinXP Pro this week. If you can help me then I would greatly appreciate it. But here are ewido and Panda logs: for ewido, I deleted the infections. --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 4:50:36 PM 02/07/2006 + Scan result: C:\WINDOWS\SYSTEM32\pmnommj.dll -> Adware.Virtumonde : No action taken. :mozilla.316:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken. :mozilla.317:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken. :mozilla.318:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken. :mozilla.89:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Com : No action taken. :mozilla.65:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken. :mozilla.71:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken. :mozilla.72:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken. :mozilla.73:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken. :mozilla.74:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Pointroll : No action taken. 
:mozilla.23:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken. :mozilla.24:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken. :mozilla.38:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.39:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.40:C:\Documents and Settings\J Choe\Application Data\Mozilla\Firefox\Profiles\gxk9ksm3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken. ::Report end Incident Status Location Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\pmnommj.dll Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0000041.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0000112.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0000364.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0000653.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0000662.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0000702.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0000762.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0000873.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S 
C\c53b35em.slt\Mail\pop\Inbox[~0000902.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001127.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001131.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001172.~] Virus:W32/Netsky.AE.worm Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[message.scr] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001273.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001464.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001664.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001791.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001875.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001969.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0001981.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0002037.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0002084.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0002094.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0002098.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0002165.~] 
Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0002229.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0002252.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0002303.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0003822.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0003863.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0003874.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0003878.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0003896.~] Virus:Exploit/iFrame Disinfected C:\WINDOWS\APPLICATION DATA\Mozilla\Profiles\S C\c53b35em.slt\Mail\pop\Inbox[~0003912.~] Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13F.tmp Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14B.tmp Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14C.tmp Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14D.tmp Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14E.tmp Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq153.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq163.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq164.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq165.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program 
Files\Yahoo!\YPSR\Quarantine\ppq166.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq167.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq168.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq169.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16A.tmp Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16B.tmp Spyware:Cookie/Gorillanation Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq174.tmp Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17A.tmp Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17B.tmp Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17C.tmp Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq188.tmp Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq189.tmp Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq389.tmp Spyware:Cookie/Clicktracks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCE.tmp Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\J Choe\Desktop\SmitfraudFix\Process.exe Spyware:Cookie/Go Not disinfected C:\Documents and Settings\J Choe\Cookies\j [email protected][2].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\J Choe\Cookies\[email protected][2].txt Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\J Choe\Cookies\[email protected][2].txt Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\J Choe\Cookies\j [email protected][2].txt 
  10. I'm so grateful for your help. Either you don't require sleep or are in a different time zone from me. My computer will not uninstall Java 2 Runtime Environment, SE v1.4.0_03 or Java 2 Runtime Environment, SE v1.4.1_02. I get a message stating "An installation support file could not be installed. the system cannot find the specified file". As for the updates for sp2, I'm working on that. I believe that I purchased pirated software. Sometime this week I'll be buying win xp pro from my university. For the ewido scan and panda scan, I'll post those reports shortly. Thank you.
  11. Thank you Andy for the quick reply. I want to confess that I previously ran vundo and it gave me a log. Vundo does not re-open after I check run vundofix as a task. Here is the previous vundofix file:

      VundoFix V4.2.84
      Checking Java version...
      Java version is 1.5.0.2
      Java version is 1.5.0.4
      Java version is 1.5.0.6
      Scan started at 12:43:20 AM 01/07/2006
      Listing files found while scanning....
      C:\Windows\SYSTEM32\qqsru.bak1
      C:\Windows\SYSTEM32\qqsru.ini
      C:\Windows\SYSTEM32\ursqq.dll
      Attempting to delete C:\Windows\SYSTEM32\qqsru.bak1
      C:\Windows\SYSTEM32\qqsru.bak1 Has been deleted!
      Attempting to delete C:\Windows\SYSTEM32\qqsru.ini
      C:\Windows\SYSTEM32\qqsru.ini Has been deleted!
      Attempting to delete C:\Windows\SYSTEM32\ursqq.dll
      C:\Windows\SYSTEM32\ursqq.dll Has been deleted!
      Performing Repairs to the registry.
      Done!

      VundoFix V4.2.84
      Checking Java version...
      Java version is 1.5.0.2
      Java version is 1.5.0.4
      Java version is 1.5.0.6
      Scan started at 12:49:33 AM 01/07/2006
      Listing files found while scanning....
      No infected files were found.

      VundoFix V4.2.84
      Checking Java version...
      Java version is 1.5.0.2
      Java version is 1.5.0.4
      Java version is 1.5.0.6
      Scan started at 12:51:03 AM 01/07/2006
      Listing files found while scanning....
      No infected files were found.

      VundoFix V4.2.84
      Checking Java version...
      Scan started at 1:06:49 AM 01/07/2006
      Listing files found while scanning....
      No infected files were found.

      VundoFix V4.2.84
      Checking Java version...
      Scan started at 7:54:22 AM 02/07/2006
      Listing files found while scanning....
      No infected files were found.

      uninstall:
      hijackthis:
      thank you again.
  12. i've been getting popups for winantivirus. Symantec detected and 'removed' trojan.startpage, adware.purityscan, adware.mainsearch, trojan.zlob, and trojan.adclicker. i think one source was cowabanga.exe.