0

help plz?

Logfile of HijackThis v1.99.1
Scan saved at 1:54:00 AM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\xloadnet.exe
C:\WINDOWS\updater.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccSScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

0

Hi and welcome to Daniweb forums :).

Please download and install AVG antispyware tool

  • Close all other applications. Select language, click OK
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait and AVG antispyware will open to the main screen automatically.
  • Wait again a few minutes and AVG antispyware should auto-update itself. If it doesn't, click Update at the top of the screen.
  • This is very important to get updates
  • When updating has finished. Close AVG antispyware.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use the up arrow to highlight
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!

  • Run AVG antispyware.
  • Click on Scanner at the top of the AVG antispyware screen.
  • Click on Settings.
  • Under How to Act click on Recommended Action and choose Quarantine.
  • Under How to scan all boxes should be selected.
  • Under Possibly unwanted software all boxes should be selected.
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file.
  • Click On scan Tab.
  • Click on Complete system scan.
  • Let the program scan the machine. It can take a while; give it time.
  • When scan has finished at bottom of screen click Apply all Actions.
  • Click Save report
  • Click Save Report as (the Save As window should pop up).
  • Click desktop.
  • Click Save.
  • Exit AVG antispyware.

Reboot back to normal mode.


Post the log here.

==

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

==

Please rename hijackthis to analysethis.

0

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:06:42 AM 4/25/2007

+ Scan result:

C:\Documents and Settings\Paul\My Documents\Οracle\lsass.exe -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\rvfgb.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034474.dll -> Adware.RK : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__s_s_q_n_o_l_j_._d_l_l_ -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\ddcdefe.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\gebbcab.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\vtuustt.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034472.exe -> Downloader.Agent.bls : No action taken.
C:\Program Files\xloadnet\xloadnet.exe -> Downloader.VB.wz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034525.exe -> Downloader.VB.wz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034473.scr -> Dropper.Agent.aoj : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temp\ICD1.tmp\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temp\ICD3.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Paul\Local Settings\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\Cache.Trash\Trash\Cache\069CD5C0d01 -> Not-A-Virus.Downloader.Win32.WinFixer.q : No action taken.
:mozilla.219:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.220:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.221:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.222:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.328:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.359:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@targetnet[1].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.230:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
:mozilla.387:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.87:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.38:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.39:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.40:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.41:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.42:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.43:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.44:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.119:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.120:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.121:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@c2.zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\wnsapii.exe -> Trojan.Small : No action taken.


::Report end

0

Under How to Act click on Recommended Action and choose Quarantine.


Post the log here.

You only did a scan. You need to repeat this following the instructions above.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

==

Please rename hijackthis to analysethis.

You didn't do this at all.

0

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:50:52 PM 4/25/2007

+ Scan result:

C:\Documents and Settings\Paul\My Documents\Οracle\lsass.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP480\A0037814.dll -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\eebyeenv.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034474.dll -> Adware.RK : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__s_s_q_n_o_l_j_._d_l_l_ -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\ddcdefe.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\gebbcab.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\vtuustt.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034472.exe -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034525.exe -> Downloader.VB.wz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP480\A0037812.exe -> Downloader.VB.wz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034473.scr -> Dropper.Agent.aoj : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temp\ICD1.tmp\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temp\ICD3.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP480\A0037817.exe -> Trojan.Small : No action taken.
C:\WINDOWS\system32\wnsapii.exe -> Trojan.Small : No action taken.


::Report end

0

You did exactly the same thing again?? You need to quarantine what AVG finds, then you need to download and run the smitfraudfix file.

0

SmitFraudFix v2.171

Scan done at 23:46:03.03, Thu 04/26/2007
Run from C:\Documents and Settings\Paul\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SMBOLS~1\nopdb.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\iTunes\iTunes.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Paul\FAVORI~1

C:\DOCUME~1\Paul\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.71.226
DNS Server Search Order: 68.87.73.242

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DD0BCD6-A277-4AEE-87BB-791C605F7C4C}: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2DD0BCD6-A277-4AEE-87BB-791C605F7C4C}: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2DD0BCD6-A277-4AEE-87BB-791C605F7C4C}: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

0

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

==

Can you please post the AVG log too?

0

SmitFraudFix v2.171

Scan done at 8:37:50.87, Mon 05/07/2007
Run from C:\Documents and Settings\Paul\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\Paul\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DD0BCD6-A277-4AEE-87BB-791C605F7C4C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2DD0BCD6-A277-4AEE-87BB-791C605F7C4C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A5C3A003-7BF1-4E4A-8285-A3E4CB7D749F}: DhcpNameServer=129.63.1.27 129.63.1.28
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

0

Logfile of HijackThis v1.99.1
Scan saved at 8:42:29 AM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\taxgajgl.dll",realset
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\SMBOLS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Tjtw] "C:\Documents and Settings\Paul\My Documents\?racle\lsass.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/download/2007/download.php?file=2&aid=swp_wa7p_us_en_ed1&lid=288&affid=pp_1155825931
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

0

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:09:48 PM 5/7/2007

+ Scan result:

C:\Documents and Settings\Paul\My Documents\Οracle\lsass.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP480\A0037814.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP483\A0037952.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0037975.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP487\A0037992.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0038038.dll -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\iuf.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034474.dll -> Adware.RK : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__s_s_q_n_o_l_j_._d_l_l_ -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\ddcdefe.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\gebbcab.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\vtuustt.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034472.exe -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034525.exe -> Downloader.VB.wz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP480\A0037812.exe -> Downloader.VB.wz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0034473.scr -> Dropper.Agent.aoj : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\6I8AR3IJ\2_z[1].htm -> Dropper.Small.j : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\EXJ5KQLE\1_z[1].htm -> Dropper.Small.j : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\IUT38QH7\poiwrxoiwc[1].htm -> Dropper.Small.j : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\L3XQ904W\0_z[1].htm -> Dropper.Small.j : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temp\ICD1.tmp\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Paul\Local Settings\Temp\ICD3.tmp\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
:mozilla.267:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.269:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.274:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.218:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.219:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.220:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.221:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.222:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.223:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.224:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.225:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.226:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.500:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.600:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.607:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@bidzcom.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@buzznet.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@grouplotto.aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.167:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.172:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.174:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.175:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.176:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.286:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@ads.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.312:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adengage : No action taken.
:mozilla.137:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.138:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.139:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.140:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.141:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.142:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.143:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.129:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.130:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.131:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.132:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.133:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.53:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.144:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.601:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.602:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.603:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.402:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.403:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.404:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.405:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.406:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.407:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.408:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@clickbank[2].txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.235:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.262:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.54:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.55:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.56:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.57:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@enhance[2].txt -> TrackingCookie.Enhance : No action taken.
:mozilla.295:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.488:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.489:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.490:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.425:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.426:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\Paul\Cookies\paul@fortunecity[1].txt -> TrackingCookie.Fortunecity : No action taken.
:mozilla.251:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.41:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\k6p9tv4d.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP480\A0037817.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP482\A0037874.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP483\A0037955.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0037978.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP487\A0037995.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP490\A0038041.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP493\A0040118.exe -> Trojan.Small : No action taken.
C:\WINDOWS\system32\wnsapii.exe -> Trojan.Small : No action taken.


::Report end

0

AVG has still been set to take no action. If you cannot follow the instructions I gave, please let me know. It is all written down in a previous post on how to set it up for the scan.
HijackThis was run in safe mode. I did not ask for it to be run in safe mode. Please run it in normal mode and post that log.

0

Logfile of HijackThis v1.99.1
Scan saved at 8:04:17 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\SMBOLS~1\nopdb.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Paul\My Documents\?racle\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\EASPOR~1\MADDEN~1\keyblo.exe
C:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\taxgajgl.dll",realset
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\SMBOLS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Tjtw] "C:\Documents and Settings\Paul\My Documents\?racle\lsass.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/download/2007/download.php?file=2&aid=swp_wa7p_us_en_ed1&lid=288&affid=pp_1155825931
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

0

Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\PROGRA~1\SMBOLS~1\nopdb.exe
C:\Documents and Settings\Paul\My Documents\?racle\lsass.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)

O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\SMBOLS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Tjtw] "C:\Documents and Settings\Paul\My Documents\?racle\lsass.exe"

O15 - Trusted Zone: *.sxload.net (HKLM)

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/download...=pp_1155825931


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

C:\PROGRA~1\SMBOLS~1
C:\Documents and Settings\Paul\My Documents\?racle

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode, then hit Enter.

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

0

VundoFix V6.3.21

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 1:56:46 PM 5/9/2007

Listing files found while scanning....

C:\WINDOWS\system32\bautuuyq.dll
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\ddcdefe.dll
C:\WINDOWS\system32\gebbcab.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\mxqdrsdi.dll
C:\WINDOWS\system32\qscolxpn.dll
C:\WINDOWS\system32\vtuustt.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bautuuyq.dll
C:\WINDOWS\system32\bautuuyq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdefe.dll
C:\WINDOWS\system32\ddcdefe.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gebbcab.dll
C:\WINDOWS\system32\gebbcab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mxqdrsdi.dll
C:\WINDOWS\system32\mxqdrsdi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qscolxpn.dll
C:\WINDOWS\system32\qscolxpn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuustt.dll
C:\WINDOWS\system32\vtuustt.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcdefe.dll
C:\WINDOWS\system32\ddcdefe.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 2:11:06 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B92AE1A-4183-7D57-F04F-1BE338E5F9ED} - C:\WINDOWS\system32\kfbmgk.dll
O2 - BHO: (no name) - {533D6212-A050-45D7-BE23-83055240BFAf} - C:\WINDOWS\system32\iuwgbwli.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll
O2 - BHO: (no name) - {72E9376B-F721-4F51-A98A-6D7400F42EB5} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\taxgajgl.dll",realset
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

0

Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender

===============

Go to Add/Remove programs and uninstall the following, if present:

OINSearch

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: (no name) - {1B92AE1A-4183-7D57-F04F-1BE338E5F9ED} - C:\WINDOWS\system32\kfbmgk.dll
O2 - BHO: (no name) - {533D6212-A050-45D7-BE23-83055240BFAf} - C:\WINDOWS\system32\iuwgbwli.dll
O2 - BHO: (no name) - {72E9376B-F721-4F51-A98A-6D7400F42EB5} - C:\WINDOWS\system32\geedb.dll (file missing)

O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, then click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

C:\Program Files\OIN Search

files...

C:\WINDOWS\system32\kfbmgk.dll
C:\WINDOWS\system32\iuwgbwli.dll
C:\WINDOWS\retadpu2000219.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode, then hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.

0

Logfile of HijackThis v1.99.1
Scan saved at 1:04:04 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\taxgajgl.dll",realset
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

The computer is running a lot faster than before now.

0

You may want to get rid of the following too, as it comes up as adware:

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll

==

Other than that, I see nothing else in your log. Please let me know if all is well with your PC before we close this :).

0

You are welcome :).

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.
