Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

A

AshleyBiggs

14 Posts

950

April 2nd, 2007 23:00

Virus or Spyware

Hello,
My name is Ashley and I my computer keeps having these constant pop-ups despite of me blocking them. Please help....I don't know whether it is a virus or a worm. Thank you.

Bugbatter

20.5K Posts

April 3rd, 2007 01:00

Hi, Ashley,

Please follow the instructions here for posting a HijackThis log:
http://www.dellcommunity.com/supportforums/board/message?board.id=si_hijack&thread.id=52014

If you are having popups what are they advertising? Please give us as many symptoms as possible so we can help you.
Thanks. :)

AshleyBiggs

14 Posts

April 3rd, 2007 02:00

Hi Bugbatter,
 
Logfile is:
 
Logfile of HijackThis v1.99.1
Scan saved at 11:48:09 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINDOWS\system32\laf67.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 

Bugbatter

20.5K Posts

April 3rd, 2007 12:00

Please go to your Hijackthis here: C:\HJT\Hijackthis\HijackThis.exe
Rename HijackThis.exe to analyzer.exe

If you still have AVG Anti-Spyware, please run AVG AS and update the definition files.
If you don't, please see if you can download it again from HERE
  • On the main screen select the icon "Update". Then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the AVG AS Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
      • Close AVG AS. Do Not run a scan just yet.

        1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.


        2.
        3. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
        4. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
        5. AVG AS will now begin the scanning process, be patient this may take a little time.

        6. IMPORTANT: Do not open any other windows or programs while AVG AS is scanning, it may interfere with the scanning process. Once the scan is complete do the following:
        7. If you have any infections you will prompted, then select "Apply all actions"
        8. IMPORTANT! Don't save the report before you have clicked the Apply all actions button. If you do it will make it more difficult for the helper to interpret the report.
        9. Next select the "Reports" icon at the top.
        10. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
        11. Close AVG AS and reboot your system back into Normal Mode. Please post the results of the AVG AS report scan along with a fresh analyzer (actually, HijackThis) log.
        12. Thanks :)

      AshleyBiggs

      14 Posts

      April 3rd, 2007 19:00

      Hello,
      These are the safe-mode AVG log and Hijack Log:
       
      AVG:
       
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------
       + Created at: 3:37:58 PM 4/3/2007
       + Scan result: 
       
      C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\UEZBD477\framecj[1].htm -> Downloader.Small.zbi : Cleaned.
      C:\Documents and Settings\user\Cookies\user@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
      C:\Documents and Settings\user\Cookies\user@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\user\Cookies\user@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\user\Cookies\user@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\user\Cookies\user@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
      C:\Documents and Settings\user\Cookies\user@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
      C:\Documents and Settings\user\Cookies\user@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
      C:\Documents and Settings\user\Cookies\user@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
      C:\Documents and Settings\user\Cookies\user@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
      C:\Documents and Settings\user\Cookies\user@com[1].txt -> TrackingCookie.Com : Cleaned.
      C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\Documents and Settings\user\Cookies\user@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
      C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
      C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
      C:\Documents and Settings\user\Cookies\user@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
      C:\Documents and Settings\user\Cookies\user@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
      C:\Documents and Settings\user\Cookies\user@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
      C:\Documents and Settings\user\Cookies\user@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
      C:\Documents and Settings\user\Cookies\user@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
      C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
      C:\Documents and Settings\user\Cookies\user@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
      C:\Documents and Settings\user\Cookies\user@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
      C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
      C:\Documents and Settings\user\Cookies\user@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

      ::Report end
      Hijack:
       
      Logfile of HijackThis v1.99.1
      Scan saved at 4:04:05 PM, on 4/3/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
      C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
      C:\Program Files\TrojanHunter 4.6\THGuard.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\HJT\Hijackthis\Analyzer.exe.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINDOWS\system32\laf67.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
      O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
      O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
      O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
      O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
       
      Thanks sweetie!!!
       

      Bugbatter

      20.5K Posts

      April 4th, 2007 03:00

      We will need to disable AVG AS and TrojanHunter so they do not interfere with HiajckThis.

      Open AVG Anti-Spyware. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right-click on AVG AS in the system tray and uncheck "Start with Windows".
      Go to Start > Run and type: services.msc
      Press "OK".
      In Services, click the "Extended tab" and scroll down the list to find AVG Anti-Spyware Guard.
      When you find the guard service, double-click on it.
      In the Properties Window > General Tab that opens, click the "Stop" button.
      From the drop-down menu next to "Startup Type", click on "Manual".
      Now click "Apply", then "OK" and close the Services window.

      Disable TrojanHunter Guard by right clicking on the icon in your System Tray.
      It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red. Right click it and select settings. Uncheck "Load at startup" and "Enabled
      Make sure that the program, TrojanHunter itself, is also closed/not running.

      Please launch analyzer (HijackThis) and place a checkmark next to this entry:
      O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINDOWS\system32\laf67.dll

      Close all windows except HijackThis and click "Fix Checked". Close HijackThis.

      The file should be gone but let's look just to be sure.

      Configure to show all files/folders:
      Go to Start>Search and at the top select Tools>Folder Options
      Select the View tab
      Display the contents of system folders
      Show hidden files and folders
      Uncheck: Hide protected operating system files
      Click on Apply.
      Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
      Be sure the first three boxes are selected:
      Search System folders
      Search Hidden Files and folders
      Search SubFolders

      If this file still exists, please delete it:
      C:\WINDOWS\system32\ laf67.dll--file

      Reboot.

      Rehide files:
      Start>Search and at the top select Tools>Folder Options
      Select the View tab
      Display the contents of system folders
      Show hidden files and folders
      Check: Hide protected operating system files
      Click on Apply

      Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
      • Once you get to the Panda site, scroll down a bit and click on Scan your PC
      • A new window will appear; click on Check Now!
      • A new window will appear; fill in the boxes (Country, State, email addy)
      • Click on Scan Now! >
      • If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
      • From "Select a device to scan...", choose "My Computer"
      • Allow the scan to run. It'll take a while.
      • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
      • Please post that report in your next reply. Simply open the text file, then copy/paste the content here. Also, please include a fresh analyzer (actually HijackThis) log. Thanks!

      Bugbatter

      20.5K Posts

      April 6th, 2007 02:00

      It should work if you divide the report into several posts. Stay in this thread and just keep replying to yourself until you get it all posted. I'll be back tomorrow to check it.
      CastleCops

      Message Edited by Bugbatter on 04-05-2007 11:58 PM

      AshleyBiggs

      14 Posts

      April 6th, 2007 02:00

      Bugbatter,
      It won't let me keep the same THREAD. Please help. Should I post it as new? Thanks

      AshleyBiggs

      14 Posts

      April 6th, 2007 02:00

      It says that "Message cannot exceed 20000 characters. What should I do? I've done both Activescan and Hijackthis once again.

      AshleyBiggs

      14 Posts

      April 6th, 2007 03:00

      HIJACKTHIS:
       
      Logfile of HijackThis v1.99.1
      Scan saved at 11:09:42 PM, on 4/5/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
      C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
      C:\WINDOWS\system32\tcpipmon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\tcpipmon.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HJT\Hijackthis\Analyzer.exe.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=laptop
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
      O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
      O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
      O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
      O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
      O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
       

      AshleyBiggs

      14 Posts

      April 6th, 2007 03:00

      activescan con't:
       
      Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@winantispyware[1].txt                                                                                                                                                                                              
      Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@winantivirus[1].txt                                                                                                                                                                                                
      Spyware:Cookie/DriveCleaner                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@www.drivecleaner[1].txt                                                                                                                                                                                            
      Spyware:Cookie/ErrorSafe                                                        Not disinfected               C:\Documents and Settings\user\Cookies\user@www.errorsafe[2].txt                                                                                                                                                                                               
      Spyware:Cookie/Systemdoctor                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@www.systemdoctor[2].txt                                                                                                                                                                                            
      Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@www.winantivirus[1].txt                                                                                                                                                                                            
      Spyware:Cookie/Xiti                                                             Not disinfected               C:\Documents and Settings\user\Cookies\user@xiti[1].txt                                                                                                                                                                                                        
      Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\user\Desktop\SmitfraudFix\Process.exe                                                                                                                                                                                                
      Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\HJT\SmitfraudFix\Process.exe                                                                                                                                                                                                                                
      Virus:Trj/Shutdown.Z                                                            Disinfected                   C:\HJT\SmitfraudFix\restart.exe        

      AshleyBiggs

      14 Posts

      April 6th, 2007 03:00

      activescan con't:
       
      Spyware:Cookie/ErrorSafe                                                        Not disinfected               C:\Documents and Settings\user\Cookies\user@errorsafe[1].txt                                                                                                                                                                                                   
      Spyware:Cookie/FastClick                                                        Not disinfected               C:\Documents and Settings\user\Cookies\user@fastclick[1].txt                                                                                                                                                                                                   
      Spyware:Cookie/GoStats                                                          Not disinfected               C:\Documents and Settings\user\Cookies\user@gostats[2].txt                                                                                                                                                                                                     
      Spyware:Cookie/Go                                                               Not disinfected               C:\Documents and Settings\user\Cookies\user@go[2].txt                                                                                                                                                                                                          
      Spyware:Cookie/Hitbox                                                           Not disinfected               C:\Documents and Settings\user\Cookies\user@hitbox[2].txt                                                                                                                                                                                                      
      Spyware:Cookie/DomainSponsor                                                    Not disinfected               C:\Documents and Settings\user\Cookies\user@landing.domainsponsor[1].txt                                                                                                                                                                                       
      Spyware:Cookie/FastClick                                                        Not disinfected               C:\Documents and Settings\user\Cookies\user@media.fastclick[2].txt                                                                                                                                                                                             
      Spyware:Cookie/Mediaplex                                                        Not disinfected               C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt                                                                                                                                                                                                   
      Spyware:Cookie/Overture                                                         Not disinfected               C:\Documents and Settings\user\Cookies\user@perf.overture[1].txt                                                                                                                                                                                               
      Spyware:Cookie/QuestionMarket                                                   Not disinfected               C:\Documents and Settings\user\Cookies\user@questionmarket[2].txt                                                                                                                                                                                              
      Spyware:Cookie/Server.iad.Liveperson                                            Not disinfected               C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[2

      AshleyBiggs

      14 Posts

      April 6th, 2007 03:00

      activescan con't:
       
      Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\HJT\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/Process.exe]                                                                                                                                                                                                 
      Virus:Trj/Shutdown.Z                                                            Disinfected                   C:\HJT\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/restart.exe]                                                                                                                                                                                                 
      Adware:Adware/SpySheriff                                                        Not disinfected               C:\otgjkov.exe                                                                                                                                                                                                                                                 
      Potentially unwanted tool:Application/PWDump.A                                  Not disinfected               C:\Program Files\Common Files\Wise Installation Wizard\WIS1EFAF4929A3B48C39349234B146FDA46_5_0_4.MSI[unk_0020][pwservice.exe3]                                                                                                                                 
      Virus:Trj/Disablekey.BF                                                         Disinfected                   C:\WINDOWS\system32\max1d1641.exe                                                                                                                                                                                                                              

      AshleyBiggs

      14 Posts

      April 6th, 2007 03:00

      Activescan con't :
       
      Spyware:Cookie/Serving-sys                                                      Not disinfected               C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt                                                                                                                                                                                                 
      Spyware:Cookie/Statcounter                                                      Not disinfected               C:\Documents and Settings\user\Cookies\user@statcounter[1].txt                                                                                                                                                                                                 
      Spyware:Cookie/DriveCleaner                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@stats.drivecleaner[2].txt                                                                                                                                                                                          
      Spyware:Cookie/WebtrendsLive                                                    Not disinfected               C:\Documents and Settings\user\Cookies\user@statse.webtrendslive[1].txt                                                                                                                                                                                        
      Spyware:Cookie/Systemdoctor                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@systemdoctor[2].txt                                                                                                                                                                                                
      Spyware:Cookie/Target                                                           Not disinfected               C:\Documents and Settings\user\Cookies\user@target[2].txt                                                                                                                                                                                                      
      Spyware:Cookie/Tickle                                                           Not disinfected               C:\Documents and Settings\user\Cookies\user@tickle[2].txt                                                                                                                                                                                                      
      Spyware:Cookie/Tribalfusion                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt                                                                                                                                                                                                
      Spyware:Cookie/Tickle                                                           Not disinfected               C:\Documents and Settings\user\Cookies\user@web.tickle[2].txt    

      AshleyBiggs

      14 Posts

      April 6th, 2007 03:00

      Activescan con't:
       
      Spyware:Cookie/Apmebf                                                           Not disinfected               C:\Documents and Settings\user\Cookies\user@apmebf[1].txt                                                                                                                                                                                                      
      Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\user\Cookies\user@atdmt[2].txt                                                                                                                                                                                                       
      Spyware:Cookie/Atwola                                                           Not disinfected               C:\Documents and Settings\user\Cookies\user@atwola[1].txt                                                                                                                                                                                                      
      Spyware:Cookie/Serving-sys                                                      Not disinfected               C:\Documents and Settings\user\Cookies\user@b.serving-sys[2].txt                                                                                                                                                                                              
      Spyware:Cookie/Casalemedia                                                      Not disinfected               C:\Documents and Settings\user\Cookies\user@casalemedia[2].txt                                                                                                                                                                                                 
      Spyware:Cookie/Ccbill                                                           Not disinfected               C:\Documents and Settings\user\Cookies\user@ccbill[1].txt                                                                                                                                                                                                      
      Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt                                                                                                                                                                                                 
      Spyware:Cookie/DriveCleaner                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@drivecleaner[2].txt                                                                                                                                                                                                
      Spyware:Cookie/Entrepreneur                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@entrepreneur[1].txt

      AshleyBiggs

      14 Posts

      April 6th, 2007 03:00

      Okay then
      Activescan:
       
      Incident                                                                        Status                        Location                                                                                                                                                                                                                                                       
      Potentially unwanted tool:Application/RegistryCleaner                           Not disinfected               C:\WINDOWS\system32\tcpipmon.exe                                                                                                                                                                                                                               
      Adware:adware/ist.yoursitebar                                                   Not disinfected               Windows Registry                                                                                                                                                                                                                                               
      Spyware:Cookie/RealMedia                                                        Not disinfected               C:\Documents and Settings\user\Cookies\user@247realmedia[2].txt                                                                                                                                                                                                
      Spyware:Cookie/2o7                                                              Not disinfected               C:\Documents and Settings\user\Cookies\user@2o7[1].txt                                                                                                                                                                                                         
      Spyware:Cookie/YieldManager                                                     Not disinfected               C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt                                                                                                                                                                                             
      Spyware:Cookie/Adrevolver                                                       Not disinfected               C:\Documents and Settings\user\Cookies\user@adrevolver[3].txt                                                                                                                                                                                                  
      Spyware:Cookie/adultfriendfinder                                                Not disinfected               C:\Documents and Settings\user\Cookies\user@adultfriendfinder[2].txt                                                                                                                                                                                           
      Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\user\Cookies\user@advertising[2].txt 

      View More

      View All

      No Events found!

      Top