Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Im Infected, Need Help


  • Please log in to reply
9 replies to this topic

#1 Matt B

Matt B

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 16 August 2006 - 03:09 PM

I was told to post a HJT log in this topic:

http://www.bleepingcomputer.com/forums/t/62381/running-out-of-options-need-help-please/

It contains all of the options that I have done so far.

Here is my log:





Logfile of HijackThis v1.99.1
Scan saved at 1:06:02 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lionel T. Stephens\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146802427765
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:28 PM

Posted 16 August 2006 - 03:14 PM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\WINDOWS\SYSTEM32\winrge32.dll

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes.

Please download, install, and update Ewido anti-spyware
Load Ewido and then click the Update tab at the top.
Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful")
Then click on the Scanner tab at the top.
Click the "Settings" tab and then change the recommended action to Quarantine.
Click Automatically generate report after every scan.
Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side.

When the scan has finished, it will automatically set the recommended action.
Click the Apply all actions button.
Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As".
This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close Ewido and reboot!! I need the log later.

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Also post the ewido log.

David

#3 Matt B

Matt B
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 16 August 2006 - 05:10 PM

Thanks for your help, David.

Here is my new HJT, Ewido, and Combofix logs (in order).



Logfile of HijackThis v1.99.1
Scan saved at 3:05:21 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cscript.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Lionel T. Stephens\Desktop\Matt\DL\Anti-Malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146802427765
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


---------------------------------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:25:51 PM 8/16/2006

+ Scan result:



C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CD0JCRCJ\enter[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\WINDOWS\temp\win177.tmp.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.489:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.502:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.503:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.828:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.861:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.862:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.838:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.950:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.413:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.906:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.803:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.585:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.586:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.590:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.617:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.618:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.653:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.232:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.690:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.691:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.692:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.693:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.694:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.695:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.696:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.697:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.698:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.699:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.700:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.701:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.702:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.703:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.704:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.705:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.706:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.707:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.708:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.719:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.720:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.721:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.722:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.847:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.739:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.740:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.741:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.742:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.743:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.744:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.745:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.746:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.747:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.748:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.749:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.750:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.751:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.752:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.753:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.754:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.755:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.756:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.869:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.792:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.831:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.832:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.833:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.834:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.835:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.836:C:\Documents and Settings\Lionel T. Stephens\Application Data\Mozilla\Firefox\Profiles\0rym0cd3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\temp\win452.tmp.exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\temp\win5C.tmp -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\temp\win5E.tmp.exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd106.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd11D.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd17.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd21D.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd240.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd261.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd282.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd2A3.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd2C6.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd2E9.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd3.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd30A.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd31.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd32B.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd33.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd34E.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd36F.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd390.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd3A.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd3B1.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd3D2.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd3F3.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd3FB.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd456.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd5.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd50.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd60.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\idd9.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\iddCB.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\iddD.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\iddE4.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\temp\win30.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\temp\win39.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).


::Report end


-----------------------------------------------------------------------------------------------------


Start Time= Wed 08/16/2006 15:03:44.12
Running from: C:\Documents and Settings\Lionel T. Stephens\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-16 13:38:36 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-08-16 13:04:26 ( .D... ) "C:\Program Files\HijackThis"
2006-08-16 11:24:08 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-08-16 08:56:22 683520 ( A.... ) "C:\WINDOWS\is-JJHC6.exe"
2006-08-16 08:54:14 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\PC Tools"
2006-08-15 13:54:36 40973 ( ..SH. ) "C:\WINDOWS\system32\vtusrst.dll"
2006-08-15 09:52:14 ( .D... ) "C:\Program Files\Lavasoft"
2006-08-15 09:20:48 ( .D... ) "C:\Program Files\Common Files\Smith Micro Shared"
2006-08-15 09:20:44 ( .D... ) "C:\Program Files\CheckIt"
2006-08-15 09:03:08 ( .D... ) "C:\Program Files\Common Files\mssoap"
2006-08-15 09:03:06 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-08-14 20:32:10 40973 ( A.SH. ) "C:\WINDOWS\system32\ssqpmnm.dll.vir"
2006-08-14 19:08:34 573492 ( A.SH. ) "C:\WINDOWS\system32\mljgd.dll.vir"
2006-08-14 17:44:22 40973 ( ..SH. ) "C:\WINDOWS\system32\opnkkkj.dll"
2006-08-07 12:43:22 ( .D... ) "C:\Program Files\iTunes"
2006-08-01 00:24:34 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\IrfanView"
2006-07-30 19:32:52 ( .D... ) "C:\Program Files\Common Files\TI Shared"
2006-07-30 19:32:50 ( .D... ) "C:\Program Files\TI Education"
2006-07-30 19:31:36 ( .D... ) "C:\Program Files\Common Files\Wise Installation Wizard"
2006-07-27 06:24:46 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2006-07-26 20:20:00 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\ATI"
2006-07-23 12:02:00 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\BitTorrent"
2006-07-23 12:01:46 ( .D... ) "C:\Program Files\BitTorrent"
2006-07-21 01:24:44 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-15 20:15:42 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\teamspeak2"
2006-07-15 20:15:20 ( .D... ) "C:\Program Files\Teamspeak2_RC2"
2006-07-14 08:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-13 06:33:28 8453632 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-05 03:55:02 984064 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-04 20:03:50 37027 ( A.... ) "C:\WINDOWS\atmoUn.exe"
2006-06-26 10:37:10 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-26 10:37:10 8192 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-22 23:16:38 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\uTorrent"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-07 16:27:00 520192 ( ..... ) "C:\WINDOWS\system32\ati2sgag.exe"
2006-06-07 14:09:10 260096 ( A.... ) "C:\WINDOWS\system32\ati2dvag.dll"
2006-06-07 14:07:42 307200 ( A.... ) "C:\WINDOWS\system32\atiiiexx.dll"
2006-06-07 14:04:48 114688 ( A.... ) "C:\WINDOWS\system32\atipdlxx.dll"
2006-06-07 14:04:36 77824 ( A.... ) "C:\WINDOWS\system32\Oemdspif.dll"
2006-06-07 14:04:30 26112 ( A.... ) "C:\WINDOWS\system32\Ati2mdxx.exe"
2006-06-07 14:04:26 41984 ( A.... ) "C:\WINDOWS\system32\ati2edxx.dll"
2006-06-07 14:04:16 61440 ( A.... ) "C:\WINDOWS\system32\ati2evxx.dll"
2006-06-07 14:03:20 409600 ( A.... ) "C:\WINDOWS\system32\ati2evxx.exe"
2006-06-07 14:02:58 53248 ( A.... ) "C:\WINDOWS\system32\ATIDDC.DLL"
2006-06-07 13:56:30 2754784 ( A.... ) "C:\WINDOWS\system32\ati3duag.dll"
2006-06-07 13:51:34 1751488 ( A.... ) "C:\WINDOWS\system32\ativvaxx.dll"
2006-06-07 13:46:04 6684672 ( A.... ) "C:\WINDOWS\system32\atioglx1.dll"
2006-06-07 13:43:38 5050368 ( A.... ) "C:\WINDOWS\system32\atioglxx.dll"
2006-06-07 13:40:38 204800 ( A.... ) "C:\WINDOWS\system32\atikvmag.dll"
2006-06-07 13:39:36 17408 ( A.... ) "C:\WINDOWS\system32\atitvo32.dll"
2006-06-07 13

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:28 PM

Posted 17 August 2006 - 03:20 AM

Hey there, the combofix log was cut off.
Please post the log in a seperate reply to this thread.
David

#5 Matt B

Matt B
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 17 August 2006 - 02:12 PM

Sorry about that. I made a new Combofix log today, but I didnt make any changes since.



Start Time= Thu 08/17/2006 12:10:26.85
Running from: C:\Documents and Settings\Lionel T. Stephens\Desktop\Matt\DL\Anti-Malware

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-16 13:38:36 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-08-16 13:04:26 ( .D... ) "C:\Program Files\HijackThis"
2006-08-16 11:24:08 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-08-16 08:56:22 683520 ( A.... ) "C:\WINDOWS\is-JJHC6.exe"
2006-08-16 08:54:14 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\PC Tools"
2006-08-15 13:54:36 40973 ( ..SH. ) "C:\WINDOWS\system32\vtusrst.dll"
2006-08-15 09:52:14 ( .D... ) "C:\Program Files\Lavasoft"
2006-08-15 09:20:48 ( .D... ) "C:\Program Files\Common Files\Smith Micro Shared"
2006-08-15 09:20:44 ( .D... ) "C:\Program Files\CheckIt"
2006-08-15 09:03:08 ( .D... ) "C:\Program Files\Common Files\mssoap"
2006-08-15 09:03:06 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-08-14 20:32:10 40973 ( A.SH. ) "C:\WINDOWS\system32\ssqpmnm.dll.vir"
2006-08-14 19:08:34 573492 ( A.SH. ) "C:\WINDOWS\system32\mljgd.dll.vir"
2006-08-14 17:44:22 40973 ( ..SH. ) "C:\WINDOWS\system32\opnkkkj.dll"
2006-08-07 12:43:22 ( .D... ) "C:\Program Files\iTunes"
2006-08-01 00:24:34 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\IrfanView"
2006-07-30 19:32:52 ( .D... ) "C:\Program Files\Common Files\TI Shared"
2006-07-30 19:32:50 ( .D... ) "C:\Program Files\TI Education"
2006-07-30 19:31:36 ( .D... ) "C:\Program Files\Common Files\Wise Installation Wizard"
2006-07-27 06:24:46 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2006-07-26 20:20:00 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\ATI"
2006-07-23 12:02:00 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\BitTorrent"
2006-07-23 12:01:46 ( .D... ) "C:\Program Files\BitTorrent"
2006-07-21 01:24:44 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-15 20:15:42 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\teamspeak2"
2006-07-15 20:15:20 ( .D... ) "C:\Program Files\Teamspeak2_RC2"
2006-07-14 08:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-13 06:33:28 8453632 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-05 03:55:02 984064 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-04 20:03:50 37027 ( A.... ) "C:\WINDOWS\atmoUn.exe"
2006-06-26 10:37:10 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-26 10:37:10 8192 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-22 23:16:38 ( .D... ) "C:\Documents and Settings\Lionel T. Stephens\Application Data\uTorrent"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-07 16:27:00 520192 ( ..... ) "C:\WINDOWS\system32\ati2sgag.exe"
2006-06-07 14:09:10 260096 ( A.... ) "C:\WINDOWS\system32\ati2dvag.dll"
2006-06-07 14:07:42 307200 ( A.... ) "C:\WINDOWS\system32\atiiiexx.dll"
2006-06-07 14:04:48 114688 ( A.... ) "C:\WINDOWS\system32\atipdlxx.dll"
2006-06-07 14:04:36 77824 ( A.... ) "C:\WINDOWS\system32\Oemdspif.dll"
2006-06-07 14:04:30 26112 ( A.... ) "C:\WINDOWS\system32\Ati2mdxx.exe"
2006-06-07 14:04:26 41984 ( A.... ) "C:\WINDOWS\system32\ati2edxx.dll"
2006-06-07 14:04:16 61440 ( A.... ) "C:\WINDOWS\system32\ati2evxx.dll"
2006-06-07 14:03:20 409600 ( A.... ) "C:\WINDOWS\system32\ati2evxx.exe"
2006-06-07 14:02:58 53248 ( A.... ) "C:\WINDOWS\system32\ATIDDC.DLL"
2006-06-07 13:56:30 2754784 ( A.... ) "C:\WINDOWS\system32\ati3duag.dll"
2006-06-07 13:51:34 1751488 ( A.... ) "C:\WINDOWS\system32\ativvaxx.dll"
2006-06-07 13:46:04 6684672 ( A.... ) "C:\WINDOWS\system32\atioglx1.dll"
2006-06-07 13:43:38 5050368 ( A.... ) "C:\WINDOWS\system32\atioglxx.dll"
2006-06-07 13:40:38 204800 ( A.... ) "C:\WINDOWS\system32\atikvmag.dll"
2006-06-07 13:39:36 17408 ( A.... ) "C:\WINDOWS\system32\atitvo32.dll"
2006-06-07 13:38:22 290816 ( A.... ) "C:\WINDOWS\system32\ATIDEMGR.dll"
2006-06-07 13:35:18 286720 ( A.... ) "C:\WINDOWS\system32\ati2cqag.dll"
2006-05-19 05:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 05:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-01-06 01:01:04 140 ( A.... ) "C:\Program Files\i_view32.ini"
2006-01-06 00:59:54 440320 ( A.... ) "C:\Program Files\i_view32.exe"
2006-01-06 00:59:54 206436 ( A.... ) "C:\Program Files\i_view32.hlp"
2006-01-06 00:59:54 59062 ( A.... ) "C:\Program Files\i_changes.txt"
2006-01-06 00:59:54 32256 ( A.... ) "C:\Program Files\iv_uninstall.exe"
2006-01-06 00:59:54 10843 ( A.... ) "C:\Program Files\i_options.txt"
2006-01-06 00:59:54 5811 ( A.... ) "C:\Program Files\i_view32.cnt"
2006-01-06 00:59:54 5159 ( A.... ) "C:\Program Files\i_plugins.txt"
2006-01-06 00:59:54 2211 ( A.... ) "C:\Program Files\i_about.txt"
2006-01-06 00:59:54 765 ( A.... ) "C:\Program Files\i_languages.txt"
2006-01-06 00:59:54 661 ( A.... ) "C:\Program Files\i_view32.exe.manifest"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-16 08:56 683,520 C:\WINDOWS\is-JJHC6.exe
2006-08-15 14:24 1,072,480,256 C:\hiberfil.sys
2006-08-15 14:10 53,248 C:\WINDOWS\system32\Process.exe
2006-08-15 14:10 42,496 C:\WINDOWS\system32\swreg.exe
2006-08-15 14:10 40,960 C:\WINDOWS\system32\swsc.exe
2006-08-15 14:10 288,417 C:\WINDOWS\system32\SrchSTS.exe
2006-08-15 13:54 40,973 C:\WINDOWS\system32\vtusrst.dll
2006-08-14 20:32 40,973 C:\WINDOWS\system32\ssqpmnm.dll.vir
2006-08-14 19:08 573,492 C:\WINDOWS\system32\mljgd.dll.vir
2006-08-14 17:44 40,973 C:\WINDOWS\system32\opnkkkj.dll
2006-07-27 18:39 154,624 C:\WINDOWS\system32\fmod.dll
2006-07-04 20:03 37,027 C:\WINDOWS\atmoUn.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"VAIO Update 2"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"DeadAIM"="rundll32.exe \"C:\\PROGRA~1\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"="ALCMTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Lionel T. Stephens.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: Thu 08/17/2006 12:10:41.96
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-17.121026.txt

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:28 PM

Posted 17 August 2006 - 03:23 PM

Hello there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

1) Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

2) Please open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"=-

Save this as "fix.reg" Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

3) Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, copy and paste next in the field:

C:\WINDOWS\is-JJHC6.exe

Then click the Send File button below.
Please let me know when you have submitted the file.

4) Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!),which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\vtusrst.dll
C:\WINDOWS\system32\ssqpmnm.dll.vir
C:\WINDOWS\system32\mljgd.dll.vir
C:\WINDOWS\system32\opnkkkj.dll


Open 'file' in the killboxmenu on top and choose Paste from clipboard
You must use the file File menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".
Click OK at any Pending File Rename Operations prompt, let me know if there appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

After the reboot post a new Hijackthis log.
Let me know how the system is running.
David

#7 Matt B

Matt B
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 18 August 2006 - 03:16 PM

Ok, I did everything you instructed, here is the new HJT Log:


Logfile of HijackThis v1.99.1
Scan saved at 1:14:34 PM, on 8/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lionel T. Stephens\Desktop\Matt\DL\Anti-Malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146802427765
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


Thanks for your help,
Matt

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:28 PM

Posted 18 August 2006 - 03:32 PM

Hey Matt, I see a clean log here :thumbsup:
The file you uploaded is legitimate.
How is the system running?

#9 Matt B

Matt B
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 18 August 2006 - 10:21 PM

So far so good. My startup time slowed down a little. I guess its from the Ewido guard. I get the feeling that another Norton alert will pop up pretty soon. Well, I'm keeping all these programs that you recommended up to date, so I guess it should be fine. If I have any other problems, I'll know who to ask.

Thanks for your help,
Matt

#10 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:28 PM

Posted 19 August 2006 - 01:37 PM

Hey Matt,

As ewido is just a trial version you can uninstall it via add/remove when ever you like. Many users find their computer slows down a bit when the ewido active guard is installed. If you remove the program you should find the normal boot time is restored.

Let me know if you have any more problems.
Glad I could help! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* A article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any addition questions just ask...
David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users