
Ultimate Cleaner 2007 Virus 4


zouv

Vendor
Sep 22, 2005
I have got this on my PC. Nightmare, I have AOL spyware and McAfee anti-virus and it doesn't seem to be capable of identifying all the files and removing them. It's infected Internet Explorer and keeps loading pages and has changed my homepage etc. What's the best spyware to remove this? Even better if it's free, or should I just buy a product? Any tips gratefully appreciated.
 
AVG scan log, sorry for delay had trouble getting this to paste on here! Do I need to action anything from either of these logs?

Scan "Command line scan" was finished.
Infections found:;"15"
Infected objects removed or healed;"0"
Not removed or healed.;"15"
Spyware found:;"4"
Spyware removed:;"0"
Not removed:;"4"
Warnings count:;"62"
Information count:;"0"
Scan started:;"18 April 2008, 12:21:08"
Total object scanned:;"828520"
Time needed:;"3 hour(s) 48 minute(s) 43 second(s) "
Errors encountered:;"0"

Infections
File;"Infection";"Result"
C:\Documents and Settings\John\My Documents\My Videos\ASE_Setup_Free.exe;"Trojan horse SHeur.BDYB";"Infected"
C:\Documents and Settings\Maria\Desktop\SDFix\backups\backups.zip:\backups\spnkfwad.exe;"Trojan horse Downloader.Adload.EZ";"Infected"
C:\Documents and Settings\Maria\Desktop\SDFix\backups\backups.zip;"Trojan horse Downloader.Adload.EZ";"Infected"
C:\Documents and Settings\Maria\DoctorWeb\Quarantine\fmptdpay.dll.vir;"Virus found Lop";"Infected"
C:\Documents and Settings\Maria\DoctorWeb\Quarantine\pmnLcbxw.dll.vir;"Trojan horse Generic10.KWR";"Infected"
C:\Documents and Settings\Maria\DoctorWeb\Quarantine\yknlisac.dll.vir;"Virus found Lop";"Infected"
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acsxpfix.exe:\ns_00002;"Trojan horse Startpage.CPM";"Infected"
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acsxpfix.exe;"Trojan horse Startpage.CPM";"Infected"
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\ACSLAN~1.EXE:\ns_00002;"Trojan horse Startpage.CPM";"Infected"
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\ACSLAN~1.EXE;"Trojan horse Startpage.CPM";"Infected"
C:\QooBox\Quarantine\C\WINDOWS\system32\qtrscfep.dll_old.vir;"Virus found Win32/Heur";"Infected"
C:\QooBox\Quarantine\catchme2008-04-15_211741.39.zip:\Documents and Settings\Maria\Desktop\catchme.zip:\tuvvSIyW.dll;"Trojan horse Generic10.KYZ";"Infected"
C:\QooBox\Quarantine\catchme2008-04-15_211741.39.zip:\Documents and Settings\Maria\Desktop\catchme.zip:\wvUnNfDv.dll;"Trojan horse Generic10.KWR";"Infected"
C:\QooBox\Quarantine\catchme2008-04-15_211741.39.zip:\Documents and Settings\Maria\Desktop\catchme.zip;"Trojan horse Generic10.KYZ";"Infected"
C:\QooBox\Quarantine\catchme2008-04-15_211741.39.zip;"Trojan horse Generic10.KYZ";"Infected"

Spyware
File;"Infection";"Result"
C:\Documents and Settings\Maria\Desktop\SDFix\apps\download.exe;"Potentially harmful program Tool.FF";"Potentially dangerous object"
C:\Documents and Settings\Maria\Desktop\SDFix.exe:\SDFix\apps\download.exe;"Potentially harmful program Tool.FF";"Potentially dangerous object"
C:\Documents and Settings\Maria\Desktop\SDFix.exe;"Potentially harmful program Tool.FF";"Potentially dangerous object"
C:\SDFix\apps\download.exe;"Potentially harmful program Tool.FF";"Potentially dangerous object"


 
Clean log.

Run AVG again and follow the instructions below to allow it to quarantine what it finds, then later you can delete them!


Run AVG Anti-Spyware!

# IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
# Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
# AVG will now begin the scanning process. Be patient, this may take a little time.

Once the scan is complete do the following:
# If you have any infections you will be prompted, then select "Apply all actions".
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.





Go to Start ---> Run ---> Type ComboFix /u and press Enter. This will uninstall ComboFix.

You should now turn off system restore to flush out the bad restore points and then re-enable it and make a new clean restore point.


How to turn off system restore







Here are some free tools to keep you from getting infected in the future.

To stop reinfection get SpywareBlaster from

Get the hosts file from here. Unzip it to a folder!

Put it into : or click the mvps bat and it should do it for you!

Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS

ie-spyad. Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.






Use either Arovax or Spyware Terminator, you could try both and see which one you like!

Arovax Shield.

Spyware Terminator

In Spyware Terminator, click real time protection and tick the box to use real time protection and tick all the boxes except file exceptions shield. If you're confident in using its advanced feature, click advanced and tick the HIPS box.

If you want to install and uninstall programs it is best to temporarily disable Spyware Terminator and then re-enable it after you have installed or uninstalled a program, as it will create a lot of pop ups asking you do you wish this to happen!

Right click Spyware Terminator on the bottom right of your status bar and choose exit. Then tick the box and that is Spyware Terminator disabled!




I would also suggest switching to Mozilla's Firefox browser, it's safer, has a built in pop up blocker, blocks cookies and ads. Mozilla Thunderbird is also a good e-mail client.



Another good and free browser is Opera!



Read here to see how to tighten your security:



A good overall guide for firewalls, anti-virus, and anti-trojans as well as
regular spyware cleaners.





Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
I have downloaded funkytoad HostXpert 4.2. The tabs available for selection are

Make read only
Back Up restore
Import Options
Restore MS Hosts File
File Handling
Editing
Download
Tools
Help

Please advise what to do?
Thanks
 
Thanks pechenegs, will run AVG full system scan and post that up. Also big thank you for all the advice about what programmes to run. I really wouldn't have a clue!
 
Restore MS Hosts File

 
Also, post another HijackThis log so I can see what you have on there, you have a lot of unnecessary programs running which can be trimmed down to make your computer run faster!

 
I have posted 2 AVG scans below, the first was a scheduled scan and the other one I carried out late last night. Do I need to remove the issues found in these AVG scans and the earlier one?

Scan "Scheduled scan" was finished.
Infections found:;"47"
Infected objects removed or healed;"47"
Not removed or healed.;"0"
Spyware found:;"8"
Spyware removed:;"8"
Not removed:;"0"
Warnings count:;"62"
Information count:;"0"
Scan started:;"18 April 2008, 20:00:26"
Total object scanned:;"848493"
Time needed:;"3 hour(s) 16 minute(s) "
Errors encountered:;"0"

Infections
File;"Infection";"Result"
C:\Documents and Settings\John\My Documents\My Videos\ASE_Setup_Free.exe;"Trojan horse SHeur.BDYB";"Moved to Virus Vault"
C:\Documents and Settings\Maria\Desktop\SDFix\backups\backups.zip:\backups\spnkfwad.exe;"Trojan horse Downloader.Adload.EZ";"Moved to Virus Vault"
C:\Documents and Settings\Maria\Desktop\SDFix\backups\backups.zip;"Trojan horse Downloader.Adload.EZ";"Moved to Virus Vault"
C:\Documents and Settings\Maria\DoctorWeb\Quarantine\fmptdpay.dll.vir;"Virus found Lop";"Moved to Virus Vault"
C:\Documents and Settings\Maria\DoctorWeb\Quarantine\pmnLcbxw.dll.vir;"Trojan horse Generic10.KWR";"Moved to Virus Vault"
C:\Documents and Settings\Maria\DoctorWeb\Quarantine\yknlisac.dll.vir;"Virus found Lop";"Moved to Virus Vault"
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acsxpfix.exe:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acsxpfix.exe;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\ACSLAN~1.EXE:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\ACSLAN~1.EXE;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\QooBox\Quarantine\C\WINDOWS\system32\qtrscfep.dll_old.vir;"Virus found Win32/Heur";"Moved to Virus Vault"
C:\QooBox\Quarantine\catchme2008-04-15_211741.39.zip:\Documents and Settings\Maria\Desktop\catchme.zip:\tuvvSIyW.dll;"Trojan horse Generic10.KYZ";"Moved to Virus Vault"
C:\QooBox\Quarantine\catchme2008-04-15_211741.39.zip:\Documents and Settings\Maria\Desktop\catchme.zip:\wvUnNfDv.dll;"Trojan horse Generic10.KWR";"Moved to Virus Vault"
C:\QooBox\Quarantine\catchme2008-04-15_211741.39.zip:\Documents and Settings\Maria\Desktop\catchme.zip;"Trojan horse Generic10.KYZ";"Moved to Virus Vault"
C:\QooBox\Quarantine\catchme2008-04-15_211741.39.zip;"Trojan horse Generic10.KYZ";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP782\A0121398.EXE:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP782\A0121398.EXE;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121444.EXE:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121444.EXE;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121445.exe:\$JK\utility.dll;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121445.exe;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121504.exe:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121504.exe:\ns_00056:\$JK\utility.dll;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121504.exe:\ns_00056;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121504.exe;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121508.exe:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121508.exe;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121509.exe:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121509.exe;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121510.exe:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP783\A0121510.exe;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP866\A0136330.exe;"Trojan horse SHeur.BDYB";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP866\A0140506.dll;"Trojan horse Downloader.Adload.FO";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP866\A0140507.dll;"Trojan horse Downloader.Adload.FR";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141739.exe;"Trojan horse Downloader.Obfuskated";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141740.exe;"Trojan horse Downloader.Obfuskated";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141741.exe;"Trojan horse Downloader.Obfuskated";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141742.dll;"Virus found Win32/Heur";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141743.dll;"Virus found Win32/Heur";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141748.exe;"Trojan horse Downloader.Scagent.E";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141749.exe;"Trojan horse Downloader.Obfuskated";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141833.exe;"Trojan horse Downloader.Adload.EZ";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP868\A0141837.exe;"Trojan horse Downloader.Adload.EZ";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP871\A0145500.exe:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP871\A0145500.exe;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP871\A0145501.EXE:\ns_00002;"Trojan horse Startpage.CPM";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP871\A0145501.EXE;"Trojan horse Startpage.CPM";"Moved to Virus Vault"

Spyware
File;"Infection";"Result"
C:\Documents and Settings\Maria\Desktop\SDFix\apps\download.exe;"Potentially harmful program Tool.FF";"Moved to Virus Vault"
C:\Documents and Settings\Maria\Desktop\SDFix.exe:\SDFix\apps\download.exe;"Potentially harmful program Tool.FF";"Moved to Virus Vault"
C:\Documents and Settings\Maria\Desktop\SDFix.exe;"Potentially harmful program Tool.FF";"Moved to Virus Vault"
C:\SDFix\apps\download.exe;"Potentially harmful program Tool.FF";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP871\A0145498.exe;"Potentially harmful program Tool.FF";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP871\A0145499.exe:\SDFix\apps\download.exe;"Potentially harmful program Tool.FF";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP871\A0145499.exe;"Potentially harmful program Tool.FF";"Moved to Virus Vault"
C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP871\A0145502.exe;"Potentially harmful program Tool.FF";"Moved to Virus Vault"

C:\Documents and Settings\Maria\Cookies\maria@tradedoubler[1].txt:\tradedoubler.com.eab0972e;"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@tradedoubler[1].txt;"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"


SCAN 2


Scan "Command line scan" was finished.
Infections found:;"0"
Infected objects removed or healed;"0"
Not removed or healed.;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"62"
Information count:;"0"
Scan started:;"18 April 2008, 23:34:43"
Total object scanned:;"830357"
Time needed:;"3 hour(s) 45 minute(s) 32 second(s) "
Errors encountered:;"0"

Warnings
File;"Infection";"Result"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C78AB3F-A857-482E-80C0-3A1E5238A565};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5054F860-748D-4840-B7B4-DDDB428421AF};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88D758A3-D33B-45FD-91E3-67749B4057FA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2B2B5A1-B48C-4886-A318-723916A01024};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9};"Found Adware.SecureServicePack";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF};"Found Adware.Generic";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@adbrite[2].txt:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@adbrite[2].txt:\adbrite.com.71beeff9;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@adbrite[2].txt;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@adtech[2].txt:\adtech.de.a9245469;"Found Tracking cookie.Adtech";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@adtech[2].txt;"Found Tracking cookie.Adtech";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@advertising[2].txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@advertising[2].txt:\advertising.com.f62113d5;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@advertising[2].txt:\advertising.com.1820df7a;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@advertising[2].txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@advertising[2].txt;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@aoluk.122.2o7[1].txt:\aoluk.122.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@aoluk.122.2o7[1].txt;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@atdmt[3].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@atdmt[3].txt;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@bs.serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@doubleclick[1].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@doubleclick[2].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@doubleclick[2].txt;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@fastclick[1].txt:\fastclick.net.fac3d6f0;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@fastclick[1].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@fastclick[1].txt:\fastclick.net.57e8da10;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@fastclick[1].txt:\fastclick.net.19d0b716;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@fastclick[1].txt:\fastclick.net.6fd479aa;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@fastclick[1].txt;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@media.adrevolver[1].txt:\media.adrevolver.com.5fed601d;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@media.adrevolver[1].txt;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@mediaplex[1].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@mediaplex[1].txt;"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@mediaplex[2].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@mediaplex[2].txt;"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@msnportal.112.2o7[1].txt;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@msnportal.112.2o7[2].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@msnportal.112.2o7[2].txt;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@revsci[1].txt:\revsci.net.e9dbeb91;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@revsci[1].txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@revsci[1].txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@revsci[1].txt;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@serving-sys[2].txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@serving-sys[2].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@serving-sys[2].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@serving-sys[2].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@serving-sys[2].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@serving-sys[2].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@tradedoubler[1].txt:\tradedoubler.com.eab0972e;"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
C:\Documents and Settings\Maria\Cookies\maria@tradedoubler[1].txt;"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
 
I also ran HostsXpert and restored MS file. Hijack log below; do I need to delete anything from the log below? I noted that you said earlier that I should select remove all infections in AVG scans. Can you confirm that I should remove everything in all of the AVG scans carried out? Would also appreciate your advice about what I should remove to make the computer run faster. Haven't set new restore points. Thanks again

Logfile of HijackThis v1.99.1
Scan saved at 08:43:42, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\AOL\1131841800\ee\AOLSoftware.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1131841800\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1131841800\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Documents and Settings\Maria\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131841800\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{254A522B-1270-4CCE-8DF2-FC114BAF51E3}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 
Ok, clean log!

Is the AVG you downloaded an all in one, as in anti spyware and also anti virus?

I would suggest you uninstall all AOL security programs; you don't need them with the other tools we have on board!



You can keep them in the virus vault for a few days and then go back in there and delete them if you want to!

See these links below on what programs are necessary on startup and what programs are not needed on startup!

The only programs which really need to start at startup, e.g. when your computer boots up, are security programs such as your anti virus, firewall, and other security programs. You do not need Microsoft Word, e-mail clients etc. starting up.

I shall give you a partial list of programs from your log which don't need to start up!


Msconfig


Go to Start/Run/type msconfig/tick the radial dial Selective Startup/click the Startup tab/uncheck these boxes, then click OK and then exit!


RealTray
Camera Detector
SunJavaUpdateSched
Adobe Photo Downloader
AOLAspSunset2
PCSuiteTrayApplication
Adobe Reader Speed Launcher
QuickTime Task
iTunesHelper
Microsoft Office



You have far too many startup items; use the link below to trim them down.





Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
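An added example, not part of the posts above and not HijackThis's own code: a small Python triage of HijackThis O4 autostart lines against the startup items named in the reply above, plus a list of entries marked "(file missing)". The sample lines are copied from the log in this thread; the `SECURITY_HINTS` keep-list, the function names and the bucket names are assumptions made for the illustration.

```python
import re

# Startup item names exactly as listed in the reply above.
HELPER_DISABLE_LIST = {
    "RealTray", "Camera Detector", "SunJavaUpdateSched",
    "Adobe Photo Downloader", "AOLAspSunset2", "PCSuiteTrayApplication",
    "Adobe Reader Speed Launcher", "QuickTime Task", "iTunesHelper",
    "Microsoft Office",
}

# Assumption: the antivirus and firewall products visible in this log.
SECURITY_HINTS = ("avg", "comodo")

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry Run-key form: HKLM\..\Run: [name] command
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Startup-folder form: Global Startup: shortcut.lnk = target
STARTUP_RE = re.compile(
    r"^(?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$"
)


def triage(log_text):
    """Sort O4 autostart entries into buckets and collect orphaned entries."""
    result = {"disable": [], "security": [], "review": [], "orphaned": []}
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.group("code"), match.group("body")

        # Any section can point at a file that no longer exists on disk.
        if body.endswith("(file missing)"):
            result["orphaned"].append((code, body))

        if code != "O4":
            continue
        entry = RUN_RE.match(body) or STARTUP_RE.match(body)
        if not entry:
            continue
        name, cmd = entry.group("name"), entry.group("cmd")

        if name in HELPER_DISABLE_LIST:
            bucket = "disable"    # named in the reply as not needed at boot
        elif any(hint in f"{name} {cmd}".lower() for hint in SECURITY_HINTS):
            bucket = "security"   # antivirus / firewall: leave enabled
        else:
            bucket = "review"     # not covered by either list
        result[bucket].append(name)
    return result


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```

Entries that land in `review` are not classified by either list and need a manual look before anything is unchecked in msconfig.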
 
Thanks again for all your help. I wouldn't have got my pc tidied up and working correctly without your advice. Do I need to remove all the files that were identified in all the AVG scans that I carried out? I assume that I do, but just wary of deleting something that I shouldn't. I have set the new restore point. Following all these scans and everything the pc is working much better than it has for months!
 
You can delete them at your leisure/pleasure!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Excellent. I'll get on to removing those and some other programmes from start up.

Thanks again for all your help.
I'll stop bothering you for assistance now. :)
 
Hi - newbie here. Constantly getting conflicting answers to below question from self-styled experts, so I thought I'd join this interesting group. I may stick around even if I can solve this problem.....
The usual virus/spyware crud. Trying to learn how to fix it myself. Question: I have a list of infections (hopefully, no false positives) from Spyware Doctor. CAN I SIMPLY go into regedit and just find these exact value names and just delete them? They are listed under Trojans, etc. so hopefully they aren't part of my OS...??? Any help/ideas would be appreciated
 
Post a HijackThis log; Spyware Doctor is prone to give false positives!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 