
Plagued With Cid And Zone Media Pop Ups!


7 replies to this topic

#1 Hueligan


Posted 01 March 2007 - 07:39 PM

Hi there,

I'm a newbie and was overjoyed to find you with a Google search on "Zone Media".

Can you please help me eradicate these infuriating pop ups?

Here's my log file.

Logfile of HijackThis v1.99.1
Scan saved at 00:31:49, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [browse clock frag roam] C:\Documents and Settings\All Users\Application Data\WEB SAVE BROWSE CLOCK\delete slow.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Many thanks.

Hueligan



#2 RichieUK



  • Malware Response Team

Posted 01 March 2007 - 07:44 PM

Welcome to BC Hueligan :thumbsup:

Click on Start>Control Panel>Add/Remove Programs.
Uninstall/remove any of the following programs if listed:
Netpumper
Bitroll
Bitgrabber
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media
This is because they are often bundled with the malware you are dealing with.
Don't worry if none of them are present.
If you happened to remove any of them please restart your pc.

******************************

Download NoLop.exe to your desktop.

* First close any other programs you have running as this will require a reboot.
* Double click NoLop.exe to run it.
* Then click the button labelled "Search and Destroy".
* When scanning is finished you will be prompted to reboot only if infected, click 'OK'.
* Now click the "REBOOT" Button.
* A message should pop up from NoLop. If not, double click the program again and it will finish.
Post the contents of C:\NoLop.log and a new Hijack This log into your next reply.

If you receive the error that mscomctl.ocx or one of its dependencies is not correctly registered, please download this file to your 'System32' folder then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx

#3 Hueligan


Posted 01 March 2007 - 08:07 PM

Hi Richie,

Thanks for the super fast response.

None of those programs were listed.

Ran No Lop and no infections found.

Here's the new log file as requested.

Regards

Hueligan

Logfile of HijackThis v1.99.1
Scan saved at 01:02:40, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [browse clock frag roam] C:\Documents and Settings\All Users\Application Data\WEB SAVE BROWSE CLOCK\delete slow.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#4 RichieUK


Posted 01 March 2007 - 08:15 PM

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [browse clock frag roam] C:\Documents and Settings\All Users\Application Data\WEB SAVE BROWSE CLOCK\delete slow.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -


Find and delete:
C:\Documents and Settings\All Users\Application Data\WEB SAVE BROWSE CLOCK

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
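
Added example, not part of RichieUK's post or of any tool named in the thread: a small Python check that parses HijackThis logs, reports which of the entries listed for fixing are still present, and diffs a before and after log to confirm the cleanup. The function names are assumptions of this example, and the sample logs are shortened excerpts of the logs posted in this thread.

```python
import re

# A HijackThis entry line starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Shortened excerpts of the logs posted in this thread (before and after cleanup).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [browse clock frag roam] C:\Documents and Settings\All Users\Application Data\WEB SAVE BROWSE CLOCK\delete slow.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# The three entries the helper asked to have fixed, copied from the post above.
FIX_LIST = r"""
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [browse clock frag roam] C:\Documents and Settings\All Users\Application Data\WEB SAVE BROWSE CLOCK\delete slow.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
"""


def parse_log(text):
    """Return the running processes and the (code, body) entries of a log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # entry lines end the process list
            entries.append((match.group(1), match.group(2).strip()))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _key(entry):
    """Normalise case and whitespace so pasted lines compare reliably."""
    code, body = entry
    return (code, " ".join(body.split()).lower())


def still_present(fix_text, log):
    """Entries from the fix list that the given parsed log still contains."""
    present = {_key(e) for e in log["entries"]}
    return [e for e in parse_log(fix_text)["entries"] if _key(e) in present]


def diff_logs(before, after):
    """Entries and processes that disappeared or appeared between two logs."""
    b = {_key(e): e for e in before["entries"]}
    a = {_key(e): e for e in after["entries"]}
    bp = {p.lower() for p in before["processes"]}
    ap = {p.lower() for p in after["processes"]}
    return {
        "removed": [b[k] for k in b if k not in a],
        "added": [a[k] for k in a if k not in b],
        "processes_gone": sorted(bp - ap),
        "processes_new": sorted(ap - bp),
    }


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    print("To fix before cleanup:", len(still_present(FIX_LIST, before)))
    print("Still present after cleanup:", still_present(FIX_LIST, after))
    for name, items in diff_logs(before, after).items():
        print(name)
        for item in items:
            print("   ", item)
```

Entries that show up under "added" or "processes_new" deserve the same review as the original log; here they are the AVG Anti-Spyware components installed during the cleanup.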

#5 Hueligan


Posted 02 March 2007 - 06:19 AM

Hi Richie,

Just a quick question before I carry out the processes you have described. I am currently running the 90 day free trial version of Windows One Care. I previously used the licensed version of AVG 7.5. Do I need to disable/uninstall WOC before I install and run AVG?

Regards

Hueligan

#6 RichieUK


Posted 02 March 2007 - 07:53 AM

Do I need to disable/uninstall WOC before I install and run AVG?

It's not necessary to disable/uninstall WOC before running AVG Anti Spyware.

#7 Hueligan


Posted 02 March 2007 - 07:21 PM

Hi Richie,

I hope that this has been 6 hours well spent! Initial impressions are that the problem has been solved. Had a little surf and no pop ups to report so far.

Here is the Hijack This log file.

Logfile of HijackThis v1.99.1
Scan saved at 00:14:53, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

And here is the AVG AS log file.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:06:10 03/03/2007

+ Scan result:



D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144409.vxd/C:/WINDOWS/system32/bbchk.exe -> Adware.BargainBuddy : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144409.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144409.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144409.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144409.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144409.vxd/C:/WINDOWS/system32/exclean.exe -> Adware.Exact : Cleaned.
D:\Program Files\TalkTalk Online Security\FWES\program\fsdfwd.exe -> Adware.Gator : Cleaned.
D:\System Volume Information\_restore{9DC3B5BB-D45F-481B-9128-17706F6CD196}\RP43\A0010109.DLL -> Adware.MyWaySpeed : Cleaned.
D:\Program Files\PrintView\printhook030.dll -> Adware.PrintView : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144410.exe -> Adware.PrintView : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP135\A0124471.ini -> Adware.Qworke : Cleaned.
C:\Program Files\RXToolBar -> Adware.RXToolbar : Cleaned.
D:\System Volume Information\_restore{9DC3B5BB-D45F-481B-9128-17706F6CD196}\RP107\A0039935.INI -> Adware.Sahat : Cleaned.
D:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned.
D:\WINXP2\system32\70tovmto.ini -> Adware.Sahat : Cleaned.
C:\Documents and Settings\Andy\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Andy\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144405.exe -> Adware.SaveNow : Cleaned.
D:\WINXP2\system32\flvlccxn.exe -> Adware.Searchcolor : Cleaned.
D:\WINXP2\system32\tcqpesyg.exe -> Adware.Searchcolor : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP135\A0124366.exe -> Adware.Udefender : Cleaned.
D:\Documents and Settings\Sweed.ANDY\Local Settings\Temp\win10B.tmp.exe -> Adware.Virtumionde : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP472\A0150528.dll -> Adware.Virtumionde : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144406.exe -> Adware.WinAD : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144409.vxd/C:/WINDOWS/system32/msexreg.exe -> Dialer.Small : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP138\A0131626.exe -> Downloader.Agent.rr : Cleaned.
D:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP456\A0144411.exe -> Downloader.Small.buy : Cleaned.
D:\WINXP2\system32\isnotify.exe -> Downloader.Zlob : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP140\A0134675.exe -> Downloader.Zlob.aes : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP144\A0139760.exe -> Downloader.Zlob.aew : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP146\A0140797.exe -> Downloader.Zlob.aew : Cleaned.
D:\WINXP2\system32\components\flx2.dll -> Downloader.Zlob.afb : Cleaned.
D:\WINXP2\system32\components\flx3.dll -> Downloader.Zlob.afb : Cleaned.
D:\WINXP2\system32\components\flx5.dll -> Downloader.Zlob.afb : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP140\A0134648.exe -> Downloader.Zlob.alf : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP144\A0137759.exe -> Downloader.Zlob.amm : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP147\A0141914.exe -> Downloader.Zlob.ans : Cleaned.
D:\WINXP2\Temp\win374.tmp -> Downloader.Zlob.aop : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP133\A0117283.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP133\A0117293.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP133\A0118292.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP133\A0119292.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP134\A0120291.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP134\A0121292.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP134\A0122291.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP134\A0122302.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP134\A0122316.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP134\A0122325.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{11384310-0236-46BF-AB48-B669F314B0C3}\RP134\A0122332.exe -> Downloader.Zlob.yt : Cleaned.


::Report end

I'm really grateful for your help with this.

Regards

Hueligan

#8 RichieUK


Posted 02 March 2007 - 07:37 PM

Your log is clean :thumbsup:
If all's ok, please do the following:

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

**********************************

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
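
Added example, not part of the original posts: a small Python triage of scan report lines in the `path -> detection : Cleaned.` layout posted in this thread, separating hits inside System Restore snapshots (`_restore{...}\RPnnn`) from cookies and live files. Snapshot hits are the ones the System Restore purge above gets rid of. The sample lines, function names and category labels are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the report's "path -> detection : action." layout.
# Paths, GUID and file names are made up; detection names are ones the thread shows.
SAMPLE_REPORT = r"""
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe -> Downloader.Zlob.yt : Cleaned.
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000002.exe -> Trojan.Small : Cleaned.
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000003.dll -> Trojan.Small : Cleaned.
:mozilla.12:D:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\User\Cookies\user@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\WINXP2\system32\example.dll -> Trojan.BHO.g : Cleaned.
D:\WINXP2\Temp\win00.tmp.exe -> Trojan.Pakes : Cleaned.
::Report end
"""

# "<path> -> <detection name> : <action>."
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>[^.]+)\.$")
# Firefox cookie entries carry a ":mozilla.N:" prefix before the cookies.txt path.
MOZ_PREFIX_RE = re.compile(r"^:mozilla\.\d+:")
# Files archived by System Restore live under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)


def parse_report(text):
    """Return one record per detection line; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:  # blank lines, "::Report end", headers
            continue
        path = MOZ_PREFIX_RE.sub("", m["path"])
        rp = RESTORE_RE.search(path)
        if rp:
            category = "restore_point"
        elif m["name"].startswith("TrackingCookie."):
            category = "cookie"
        else:
            category = "live_file"
        records.append({
            "path": path,
            "name": m["name"],
            "action": m["action"].strip(),
            "category": category,
            "restore_point": rp.group(1) if rp else None,
        })
    return records


def summarize(records):
    """Count detections per category and per restore point."""
    by_category = Counter(r["category"] for r in records)
    per_rp = defaultdict(Counter)
    for r in records:
        if r["restore_point"]:
            per_rp[r["restore_point"]][r["name"]] += 1
    return {
        "by_category": dict(by_category),
        "restore_points": {rp: dict(c) for rp, c in sorted(per_rp.items())},
        # Any hit inside a snapshot means old restore points held malware copies.
        "purge_restore_points": by_category["restore_point"] > 0,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(key, value)
```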