We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Unable to get rid of pop-ups
su4stu
Posts: 294 Forumite
in Techie Stuff
I have ran spybot and adaware and also have installed super ad blocker but still continue to get CiD pop-ups every few minutes. I wonder if anyone can suggest a way to stop them as they are starting to really get on my nerves. I've pasted my hijack this logfile below. Thanks
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:57:53, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Common Files\AOL\1178090272\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1178090272\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1178090272\ee\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\susan\My Documents\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SuperAdBlockerBHO Class - !!00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178090272\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Bash long.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\DOCUME~1\susan\LOCALS~1\Temp\SAUPDATE.EXE Software\SuperAdBlocker.com\SuperAdBlocker
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\susan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\!!7D948821-7364-4246-90BF-F15F4B9B7BC2}: NameServer = 205.188.146.145
O22 - SharedTaskScheduler: Browseui preloader - !!438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - !!8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 8894 bytes
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:57:53, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Common Files\AOL\1178090272\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1178090272\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1178090272\ee\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\susan\My Documents\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SuperAdBlockerBHO Class - !!00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178090272\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Bash long.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\DOCUME~1\susan\LOCALS~1\Temp\SAUPDATE.EXE Software\SuperAdBlocker.com\SuperAdBlocker
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\susan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\!!7D948821-7364-4246-90BF-F15F4B9B7BC2}: NameServer = 205.188.146.145
O22 - SharedTaskScheduler: Browseui preloader - !!438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - !!8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 8894 bytes
If you always do what you've always done...
you'll always get what you've always gotten
you'll always get what you've always gotten
0
Comments
-
Hi Su4stu,
This is almost certainly a LOP infection.
This forum is not the best place to get a HijackThis log commented on - although you sometimes get an expert looking in, it doesn't happen anywhere near as much as on a specialised forum like this one:
http://forum.tweaks.com/forum/Forum29-1.aspx
You should get a good talk-through on how to use NoLOP there. If not, just Google for "cid popup removal" and you'll find others that can help.0 -
Luckily, I eat Lop infections for breakfast.
Go to Start, then Control Panel and then Add/Remove Programs. Click Remove on any of the following:
CiD Help
CiD Manager
Messenger plus or messenger plus and client
Download Plugin for Internet Explorer
Bitdownload
Zone Media
WinZix
Search Plugin
Bitgrabber
BitRol
Netpumper
Torrent101
W3player
While uninstalling the above, if you're asked for a Verification code, please enter the numbers that appear in the window.
Once done, restart your machine - Important!
Then download Deljob.exe and save it to your desktop.
Doubleclick Deljob.exe to generate a logfile called logit.txt on your desktop.
Post the contents of the logfile in your next reply please.0 -
Thanks Alfonso. I didn't have any of the programme's suggested for deletion so I have posted the logfile below.
No LOP jobs found
Files remaining after cleaning
AppleSoftwareUpdate.job
Norton Security Scan.job
App data folders
Volume in drive C is ACER
Volume Serial Number is 096D-2B70
Directory of C:\Documents and Settings\susan\Application Data
28/04/2007 02:49 <DIR> .
28/04/2007 02:49 <DIR> ..
17/03/2005 08:23 <DIR> IDENTI~1 Identities
17/03/2005 06:44 <DIR> MICROS~1 Microsoft
28/04/2007 02:56 <DIR> MACROM~1 Macromedia
29/04/2007 11:47 <DIR> HELP Help
02/05/2007 08:20 <DIR> YOU'VE~1 You've Got Pictures Screensaver
03/05/2007 10:57 <DIR> AOL
04/05/2007 13:00 <DIR> APPLEC~1 Apple Computer
06/05/2007 20:05 <DIR> REAL Real
06/05/2007 22:10 <DIR> CYBERL~1 CyberLink
09/05/2007 17:48 <DIR> MOZILLA Mozilla
12/05/2007 12:57 <DIR> ADOBE Adobe
12/05/2007 12:57 <DIR> ADOBEUM AdobeUM
12/05/2007 22:50 <DIR> SUN Sun
17/05/2007 23:34 <DIR> LAVASOFT Lavasoft
20/05/2007 14:01 <DIR> IWIN iWin
26/06/2007 20:04 <DIR> GOOGLE Google
15/07/2007 13:08 <DIR> VIEWPO~1 Viewpoint
15/07/2007 15:40 <DIR> VIDEOEGG VideoEgg
16/07/2007 18:30 <DIR> dvdcss
19/07/2007 16:41 <DIR> ZYLOM Zylom
28/07/2007 00:27 <DIR> HOUSEC~1.6 HouseCall 6.6
05/08/2007 20:59 <DIR> WSINSP~1 wsInspector
11/08/2007 15:56 <DIR> COREL Corel
15/09/2007 18:41 <DIR> SAMSUNG Samsung
25/09/2007 16:02 <DIR> WTABLET WTablet
25/09/2007 19:30 <DIR> ARCSOFT ArcSoft
07/10/2007 20:57 <DIR> INSTAL~1 InstallShield
19/10/2007 13:57 <DIR> PLAYFI~1 PlayFirst
16/11/2007 18:29 <DIR> AVG7
25/11/2007 11:22 <DIR> FLOODL~1 Flood Light Games
22/12/2007 22:08 <DIR> BIGFIS~1 Big Fish Games
08/01/2008 22:56 <DIR> OBJBUR~1 Obj burn
11/01/2008 23:16 <DIR> SUPERA~1.COM SuperAdBlocker.com
0 File(s) 0 bytes
35 Dir(s) 29,821,927,424 bytes free
Volume in drive C is ACER
Volume Serial Number is 096D-2B70
Directory of C:\Documents and Settings\All Users\Application Data
24/11/2006 11:56 <DIR> .
24/11/2006 11:56 <DIR> ..
17/03/2005 06:44 <DIR> MICROS~1 Microsoft
24/05/2006 22:15 <DIR> SYMANTEC Symantec
28/04/2007 04:38 <DIR> CYBERL~1 CyberLink
02/05/2007 08:17 <DIR> AOL
02/05/2007 08:19 <DIR> QUICKT~1 QuickTime
02/05/2007 08:20 <DIR> VIEWPO~1 Viewpoint
03/05/2007 10:53 <DIR> WINDOW~1 Windows Genuine Advantage
04/05/2007 12:58 <DIR> APPLEC~1 Apple Computer
08/05/2007 16:19 <DIR> PURENE~1 Pure Networks
08/05/2007 17:55 <DIR> WINDOW~2 Windows Live Toolbar
12/05/2007 13:12 <DIR> ADOBE Adobe
12/05/2007 23:40 <DIR> TEMP
17/05/2007 23:43 <DIR> TRYMEDIA Trymedia
26/06/2007 18:34 <DIR> GOOGLE Google
07/07/2007 23:50 <DIR> BIGFIS~1 BigFishGamesCache
19/07/2007 16:40 <DIR> ZYLOM Zylom
28/07/2007 00:20 <DIR> SPYBOT~1 Spybot - Search & Destroy
06/08/2007 01:10 <DIR> APPLE Apple
11/08/2007 15:55 <DIR> COREL Corel
21/08/2007 19:19 <DIR> SPINTO~1 SpinTop Games
18/10/2007 20:16 <DIR> SANDLO~1 Sandlot Games
19/10/2007 13:57 <DIR> PLAYFI~1 PlayFirst
26/10/2007 18:31 <DIR> AOLDOW~1 AOL Downloads
16/11/2007 00:44 <DIR> AVG7 Avg7
16/11/2007 18:21 <DIR> GRISOFT Grisoft
25/11/2007 11:23 <DIR> FLOODL~1 Flood Light Games
04/01/2008 19:05 <DIR> CASTPI~1 Cast ping base frag
09/01/2008 16:49 <DIR> WLINST~1 WLInstaller
0 File(s) 0 bytes
30 Dir(s) 29,821,927,424 bytes free
If you always do what you've always done...
you'll always get what you've always gotten0 -
Copy these instructions to notepad for use while in Safe Mode.
Step # 1
Reboot into SAFE MODE please.- Click Start and then click Turn Off Computer.
- In the Turn Off Windows dialog box, click Restart, and then click OK.
- As your computer restarts but before Windows launches, press F8 repeatedly.
- Use the arrow keys to highlight Safe Mode, and then press ENTER.
- If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.
- Note: If Windows launches before you can choose a safe mode, restart your computer and try again.
Scan with HijackThis and place a checkmark in the boxes before the following entries:-
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Bash long.exe
Close all other windows except HijackThis and click the "Fix Checked" button.
Close HijackThis.
Step # 3
Reveal Hidden Files:- Click Start and open My Computer.
- Select Tools from the menu.
- Click Folder Options.
- Select the View Tab.
- Select Show hidden files and folders in the Hidden files and folders section.
- Uncheck Hide protected operating system files (recommended) option.
- Uncheck the Hide file extensions for known file types option.
- Click Yes then OK.
- Right-click the Start button and select Explore.
- Click the + sign beside Local Disk ( C: ) to expand the root directory.
- Expand the directories further until you find the following:
Once found, right click the folder and select delete.
Step # 4
Restart the machine in normal mode and run an online scan at Panda ActiveScan- Once on the Panda site click the Scan your PC button and then the Check Now button on the next screen.
- Enter your details in the required fields.
- Then click the big Scan Now button.
- Allow the Active X component to install and download the necessary files.
- When the download is complete, click on Local Disks to start the scan.
- Upon scan completion, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
0 -
Thanks again Alfonso. hijack results below
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:27:22, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Common Files\AOL\1178090272\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1178090272\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1178090272\ee\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\susan\My Documents\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: SuperAdBlockerBHO Class - !!00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178090272\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [Ball sign] C:\DOCUME~1\susan\APPLIC~1\OBJBUR~1\Site Vga.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\susan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - !!438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - !!8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 9156 bytesIf you always do what you've always done...
you'll always get what you've always gotten0 -
I have had to post my panda results in a few posts as it was too long for one.Not sure why the smilies have appeared as I only copied and pasted from my documents
panda results
Incident Status Location
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\SUSAN\My Documents\mpeSetup-dm.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\SUSAN\Cookies\susan@atdmt[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[statse.webtrendslive.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.adviva.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.azjmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.adserver.easyad.info/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.bravenet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.pacificpoker.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\SUSAN\Application Data\Mozilla\Firefox\Profiles\dtvpfixa.default\COOKIES.TXT[www.burstbeacon.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ROSS\Application Data\Mozilla\Firefox\Profiles\w3opmx8y.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ROSS\Application Data\Mozilla\Firefox\Profiles\w3opmx8y.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.tradedoubler.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.did-it.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\SOPHIE\Application Data\Mozilla\Firefox\Profiles\30wwnwbt.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\STUART\Cookies\stuart@888[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\STUART\Cookies\stuart@target[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\STUART\Cookies\stuart@did-it[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\STUART\Cookies\stuart@888[3].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\STUART\Cookies\stuart@888[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.247realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.adviva.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.888.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.tradedoubler.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.drivecleaner.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.errorsafe.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[statse.webtrendslive.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[hc2.humanclick.com/hc/76767130]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[hc2.humanclick.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\5ypg98l3.default\COOKIES.TXT[.adtech.de/]
Virus:Generic Malware Disinfected C:\Documents and Settings\NICOLLE\Desktop\ZwinkySetup2.2.60.11-2.exe
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\NICOLLE\Cookies\nicolle@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\NICOLLE\Cookies\nicolle@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\NICOLLE\Application Data\Mozilla\Firefox\Profiles\hehq16n8.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\NICOLLE\Application Data\Mozilla\Firefox\Profiles\hehq16n8.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\NICOLLE\Application Data\Mozilla\Firefox\Profiles\hehq16n8.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\NICOLLE\Application Data\Mozilla\Firefox\Profiles\hehq16n8.default\COOKIES.TXT[.doubleclick.net/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Recycled\Dc1.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Recycled\Dc1.exe[nircmd.cfexe]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.026\FILE0026.CHK
Spyware:Cookie/Advertising Not disinfected C:\FOUND.029\FILE0088.CHK
Spyware:Cookie/fe.lea.lycos Not disinfected C:\FOUND.031\FILE0010.CHK
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.031\FILE0012.CHK
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.032\FILE0021.CHK[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.038\FILE0074.CHK
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.038\FILE0091.CHK
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.040\FILE0023.CHK
Spyware:Cookie/Advertising Not disinfected C:\FOUND.040\FILE0031.CHK
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.045\FILE0000.CHK[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.045\FILE0000.CHK[.ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.045\FILE0000.CHK[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.045\FILE0000.CHK[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.045\FILE0000.CHK[.fastclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.045\FILE0000.CHK[.xiti.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.045\FILE0000.CHK[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.045\FILE0000.CHK[.bs.serving-sys.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.045\FILE0000.CHK[.adrevolver.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.045\FILE0000.CHK[statse.webtrendslive.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\FOUND.045\FILE0000.CHK[.trafficmp.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.045\FILE0000.CHK[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.045\FILE0000.CHK[.realmedia.com/]
Spyware:Cookie/bravenetA Not disinfected C:\FOUND.045\FILE0000.CHK[.bravenet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.045\FILE0000.CHK[.statcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\FOUND.045\FILE0000.CHK[stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.045\FILE0000.CHK[.statcounter.com/]
Spyware:Cookie/onestat.com Not disinfected C:\FOUND.045\FILE0000.CHK[stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.045\FILE0000.CHK[.statcounter.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.045\FILE0000.CHK[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.045\FILE0000.CHK[server.iad.liveperson.net/hc/6427088]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.045\FILE0000.CHK[server.iad.liveperson.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.045\FILE0000.CHK[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.045\FILE0000.CHK[.tribalfusion.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.045\FILE0000.CHK[.questionmarket.com/]
Spyware:Cookie/Com.com Not disinfected C:\FOUND.045\FILE0000.CHK[.com.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.045\FILE0000.CHK[.advertising.com/]
Spyware:Cookie/888 Not disinfected C:\FOUND.045\FILE0000.CHK[.888.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.045\FILE0000.CHK[.advertising.com/]
Spyware:Cookie/Adtech Not disinfected C:\FOUND.045\FILE0000.CHK[.adtech.de/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.045\FILE0000.CHK[.adserver.easyad.info/]
Spyware:Cookie/Adtech Not disinfected C:\FOUND.045\FILE0000.CHK[.adtech.de/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.045\FILE0000.CHK[.tradedoubler.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.045\FILE0000.CHK[.bluestreak.com/]
Spyware:Cookie/PointRoll Not disinfected C:\FOUND.045\FILE0000.CHK[.ads.pointroll.com/]
Spyware:Cookie/Adviva Not disinfected C:\FOUND.045\FILE0000.CHK[.adviva.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.047\FILE0004.CHK
Spyware:Cookie/FastClick Not disinfected C:\FOUND.059\FILE0005.CHK[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.059\FILE0005.CHK[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.059\FILE0005.CHK[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.059\FILE0005.CHK[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.059\FILE0005.CHK[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.059\FILE0005.CHK[.atdmt.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.059\FILE0005.CHK[.tradedoubler.com/]
Spyware:Cookie/2o7 Not disinfected C:\FOUND.059\FILE0005.CHK[.112.2o7.net/]
Spyware:Cookie/Bfast Not disinfected C:\FOUND.059\FILE0005.CHK[.bfast.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.059\FILE0005.CHK[server.iad.liveperson.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.059\FILE0005.CHK[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.059\FILE0005.CHK[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.059\FILE0005.CHK[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.059\FILE0005.CHK[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.059\FILE0005.CHK[.tribalfusion.com/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.059\FILE0005.CHK[.zedo.com/]
Spyware:Cookie/Adtech Not disinfected C:\FOUND.059\FILE0005.CHK[.adtech.de/]
Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.059\FILE0005.CHK[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.059\FILE0005.CHK[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.059\FILE0005.CHK[.bs.serving-sys.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.059\FILE0005.CHK[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.059\FILE0005.CHK[.perf.overture.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\FOUND.059\FILE0005.CHK[.errorsafe.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\FOUND.059\FILE0005.CHK[stats1.reliablestats.com/]
Spyware:Cookie/Com.com Not disinfected C:\FOUND.059\FILE0005.CHK[.com.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\FOUND.059\FILE0005.CHK[.winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\FOUND.059\FILE0005.CHK[winantivirus.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.059\FILE0005.CHK[.bluestreak.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\FOUND.059\FILE0005.CHK[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\FOUND.059\FILE0005.CHK[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\FOUND.059\FILE0005.CHK[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\FOUND.059\FILE0005.CHK[stats.drivecleaner.com/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.059\FILE0005.CHK[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\FOUND.059\FILE0005.CHK[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.059\FILE0005.CHK[.247realmedia.com/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\FOUND.059\FILE0005.CHK[.pacificpoker.com/]
Spyware:Cookie/888 Not disinfected C:\FOUND.059\FILE0005.CHK[.888.com/]
Spyware:Cookie/Hitslink Not disinfected C:\FOUND.059\FILE0005.CHK[counter.hitslink.com/]
Spyware:Cookie/BurstNet Not disinfected C:\FOUND.059\FILE0005.CHK[.burstnet.com/]
Spyware:Cookie/NewMedia Not disinfected C:\FOUND.059\FILE0005.CHK[.anm.co.uk/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.059\FILE0005.CHK[statse.webtrendslive.com/]
Spyware:Cookie/PointRoll Not disinfected C:\FOUND.059\FILE0005.CHK[.ads.pointroll.com/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.059\FILE0005.CHK[.adserver.easyad.info/]
Spyware:Cookie/Atwola Not disinfected C:\FOUND.059\FILE0005.CHK[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.060\FILE0005.CHK[.doubleclick.net/]If you always do what you've always done...
you'll always get what you've always gotten0 -
More panda results.
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.060\FILE0005.CHK[.atdmt.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.060\FILE0005.CHK[.tradedoubler.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.060\FILE0005.CHK[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.060\FILE0005.CHK[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.060\FILE0005.CHK[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.060\FILE0005.CHK[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.068\FILE0004.CHK[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.068\FILE0004.CHK[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.068\FILE0004.CHK[.advertising.com/]
Spyware:Cookie/Adviva Not disinfected C:\FOUND.068\FILE0004.CHK[.adviva.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.068\FILE0004.CHK[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.068\FILE0004.CHK[.bs.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.068\FILE0004.CHK[.questionmarket.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.068\FILE0004.CHK[.tradedoubler.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.068\FILE0004.CHK[.adrevolver.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.068\FILE0004.CHK[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.068\FILE0004.CHK[ad.yieldmanager.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.068\FILE0004.CHK[statse.webtrendslive.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.068\FILE0004.CHK[.mediaplex.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\FOUND.068\FILE0004.CHK[fe.lea.lycos.fr/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\FOUND.068\FILE0004.CHK[.adultfriendfinder.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.068\FILE0004.CHK[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.068\FILE0004.CHK[.247realmedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.068\FILE0004.CHK[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\FOUND.068\FILE0004.CHK[.com.com/]
Spyware:Cookie/BurstNet Not disinfected C:\FOUND.068\FILE0004.CHK[.burstnet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.068\FILE0004.CHK[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.068\FILE0004.CHK[.zedo.com/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.068\FILE0004.CHK[adserver.filefront.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.068\FILE0004.CHK[.statcounter.com/]
Spyware:Cookie/Hitslink Not disinfected C:\FOUND.068\FILE0004.CHK[counter.hitslink.com/]
Spyware:Cookie/PointRoll Not disinfected C:\FOUND.068\FILE0004.CHK[.ads.pointroll.com/]
Spyware:Cookie/Apmebf Not disinfected C:\FOUND.068\FILE0004.CHK[.apmebf.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.068\FILE0004.CHK[.bluestreak.com/]
Spyware:Cookie/did-it Not disinfected C:\FOUND.068\FILE0004.CHK[.did-it.com/]
Spyware:Cookie/Weborama Not disinfected C:\FOUND.068\FILE0004.CHK[.weborama.fr/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.068\FILE0004.CHK[.overture.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\FOUND.068\FILE0004.CHK[.trafficmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.068\FILE0004.CHK[.casalemedia.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.068\FILE0004.CHK[.perf.overture.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\FOUND.068\FILE0004.CHK[.systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\FOUND.068\FILE0004.CHK[stats1.reliablestats.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\FOUND.068\FILE0004.CHK[.errorsafe.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.072\FILE0016.CHK[.fastclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.072\FILE0016.CHK[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.072\FILE0016.CHK[.atdmt.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.072\FILE0016.CHK[.tradedoubler.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.072\FILE0016.CHK[.adrevolver.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.072\FILE0016.CHK[.mediaplex.com/]
Spyware:Cookie/Adviva Not disinfected C:\FOUND.072\FILE0016.CHK[.adviva.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.072\FILE0016.CHK[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.072\FILE0016.CHK[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.072\FILE0016.CHK[.bs.serving-sys.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.072\FILE0016.CHK[ad.yieldmanager.com/]
Spyware:Cookie/Searchportal Not disinfected C:\FOUND.072\FILE0016.CHK[searchportal.information.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.072\FILE0016.CHK[statse.webtrendslive.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.072\FILE0016.CHK[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\FOUND.072\FILE0016.CHK[.atwola.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.072\FILE0016.CHK[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.072\FILE0016.CHK[.statcounter.com/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.072\FILE0016.CHK[.adserver.easyad.info/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.072\FILE0016.CHK[.tribalfusion.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.073\FILE0005.CHK[.tradedoubler.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.073\FILE0005.CHK[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.073\FILE0005.CHK[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.073\FILE0005.CHK[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.073\FILE0005.CHK[.fastclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.073\FILE0005.CHK[statse.webtrendslive.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.073\FILE0005.CHK[.adrevolver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.073\FILE0005.CHK[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.073\FILE0005.CHK[.advertising.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.073\FILE0005.CHK[.adrevolver.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.073\FILE0005.CHK[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.073\FILE0005.CHK[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.073\FILE0005.CHK[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.073\FILE0005.CHK[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.073\FILE0005.CHK[.serving-sys.com/]
Spyware:Cookie/Adviva Not disinfected C:\FOUND.073\FILE0005.CHK[.adviva.net/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\FOUND.073\FILE0005.CHK[.pacificpoker.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.073\FILE0005.CHK[.statcounter.com/]
Spyware:Cookie/888 Not disinfected C:\FOUND.073\FILE0005.CHK[.888.com/]
Spyware:Cookie/Hitbox Not disinfected C:\FOUND.073\FILE0005.CHK[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\FOUND.073\FILE0005.CHK[.go.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.073\FILE0005.CHK[.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\FOUND.073\FILE0005.CHK[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\FOUND.073\FILE0005.CHK[.go.com/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.073\FILE0005.CHK[.zedo.com/]
Spyware:Cookie/Hitbox Not disinfected C:\FOUND.073\FILE0005.CHK[.ehg-eline.hitbox.com/]
Spyware:Cookie/Xiti Not disinfected C:\FOUND.073\FILE0005.CHK[.xiti.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.073\FILE0005.CHK[.bluestreak.com/]
Spyware:Cookie/Smartadserver Not disinfected C:\FOUND.073\FILE0005.CHK[.smartadserver.com/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.073\FILE0005.CHK[.adserver.easyad.info/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.073\FILE0005.CHK[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.075\FILE0003.CHK[.statcounter.com/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.075\FILE0003.CHK[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.075\FILE0003.CHK[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.075\FILE0003.CHK[.tribalfusion.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\FOUND.075\FILE0003.CHK[statse.webtrendslive.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.075\FILE0003.CHK[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.075\FILE0003.CHK[.atdmt.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.075\FILE0003.CHK[.tradedoubler.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.075\FILE0003.CHK[.adrevolver.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.075\FILE0003.CHK[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\FOUND.075\FILE0003.CHK[.apmebf.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.075\FILE0003.CHK[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.075\FILE0003.CHK[.serving-sys.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.075\FILE0003.CHK[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.075\FILE0003.CHK[.questionmarket.com/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.075\FILE0003.CHK[.zedo.com/]
Spyware:Cookie/Adtech Not disinfected C:\FOUND.075\FILE0003.CHK[.adtech.de/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.075\FILE0003.CHK[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.075\FILE0003.CHK[.realmedia.com/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.075\FILE0003.CHK[.adserver.easyad.info/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.075\FILE0003.CHK[.realmedia.com/]
Spyware:Cookie/888 Not disinfected C:\FOUND.075\FILE0003.CHK[.888.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.075\FILE0335.CHK[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.075\FILE0335.CHK[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.075\FILE0335.CHK[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.075\FILE0335.CHK[.advertising.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.075\FILE0335.CHK[.tradedoubler.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.075\FILE0335.CHK[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.075\FILE0335.CHK[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.075\FILE0335.CHK[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\FOUND.075\FILE0335.CHK[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.075\FILE0335.CHK[.zedo.com/]
Spyware:Cookie/Adtech Not disinfected C:\FOUND.075\FILE0335.CHK[.adtech.de/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.075\FILE0335.CHK[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.075\FILE0335.CHK[.realmedia.com/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.075\FILE0335.CHK[.adserver.easyad.info/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.075\FILE0335.CHK[.realmedia.com/]
Spyware:Cookie/888 Not disinfected C:\FOUND.075\FILE0335.CHK[.888.com/]
Adwaredware/Trymedia Not disinfected C:\Downloads\paparazzisetup-dm[1].exe
Adwaredware/Trymedia Not disinfected C:\Downloads\Shopmania-dm[1].exe
Adwaredware/Trymedia Not disinfected C:\Downloads\dream_day_wedding_AUK-dm[1].exe
Adwaredware/Trymedia Not disinfected C:\Downloads\HiddenExpedever_AUK-dm[1].exeIf you always do what you've always done...
you'll always get what you've always gotten0 -
There was a folder in the Deljob report I was unsure of but it's now revealed it's true LOP colours in your latest HJT log:
O4 - HKCU\..\Run: [Ball sign] C:\DOCUME~1\susan\APPLIC~1\OBJBUR~1\Site Vga.exe
The Panda log looks incomplete but the majority of it's findings are merely spyware cookies which you can easily clear using a little program called ATF Cleaner.
Please download ATF Cleaner by Atribune.- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Then go into safe Mode again and fix the following entry with HJT:
O4 - HKCU\..\Run: [Ball sign] C:\DOCUME~1\susan\APPLIC~1\OBJBUR~1\Site Vga.exe
Then use Windows Explorer again to find and delete the following:
C:\Documents and Settings\susan\Application Data\Obj burn <--folder
C:\Documents and Settings\SUSAN\My Documents\mpeSetup-dm.exe
C:\Downloads\paparazzisetup-dm[1].exe
C:\Downloads\Shopmania-dm[1].exe
C:\Downloads\dream_day_wedding_AUK-dm[1].exe
C:\Downloads\HiddenExpedever_AUK-dm[1].exe
Reboot when done and post a fresh HJT log please.
Feel free to run Panda again as well and post the results. They're shouldn't be much detected this time (if anything at all).0 - Double-click ATF-Cleaner.exe to run the program.
-
Thanks again Alfonso. I have posted my hijack this logfile below. Haven't posted panda as it was saying I had over 100 spyware despite doing everything you advised. I have ran spybot and adaware and they aren't picking up anything.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:22:11, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Common Files\AOL\1178090272\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
c:\program files\common files\aol\1178090272\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1178090272\ee\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\hijack this\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: SuperAdBlockerBHO Class - !!00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178090272\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\susan\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - !!438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - !!8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 8942 bytesIf you always do what you've always done...
you'll always get what you've always gotten0 -
I've just noticed how many user accounts your machine has got!! I suggest you run ATF Cleaner on each account.
Please also delete these files:
C:\FOUND.026\FILE0026.CHK
C:\FOUND.029\FILE0088.CHK
C:\FOUND.031\FILE0010.CHK
C:\FOUND.031\FILE0012.CHK
C:\FOUND.032\FILE0021.CHK
C:\FOUND.038\FILE0074.CHK
C:\FOUND.038\FILE0091.CHK
C:\FOUND.040\FILE0023.CHK
C:\FOUND.040\FILE0031.CHK
C:\FOUND.045\FILE0000.CHK
C:\FOUND.047\FILE0004.CHK
C:\FOUND.059\FILE0005.CHK
C:\FOUND.060\FILE0005.CHK
C:\FOUND.068\FILE0004.CHK
C:\FOUND.072\FILE0016.CHK
C:\FOUND.073\FILE0005.CHK
C:\FOUND.075\FILE0003.CHK
C:\FOUND.075\FILE0335.CHK
You should be good to go then.
Have the popups stopped?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.8K Banking & Borrowing
- 253.8K Reduce Debt & Boost Income
- 454.6K Spending & Discounts
- 245.8K Work, Benefits & Business
- 601.9K Mortgages, Homes & Bills
- 177.7K Life & Family
- 259.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards