WinAntiVirus and general slow performance [HJT log]

Discussion in 'Malware and Virus Removal Archive' started by Dom, 2007/06/10.

  1. 2007/06/10
    Dom

    Dom Inactive Thread Starter

    Hey guys, I have a friend who is having loads of problems with his PC and nasties, including WinAntiVirus pro, I'm doing this via remote assistance as he is not as PC aware :p

    Here I have a HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 17:14:33, on 10/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Kensington\Kensington Mouse 1.1\MOUSE32A.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Companion Wizard\compwiz.exe
    C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\system32\wisptis.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = leed-cache-1.server.ntli.net:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tzreypthe] C:\WINDOWS\System32\zpjqvh.exe
    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [gxmjiv] C:\WINDOWS\gxmjiv.exe
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46 "
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Kensington\Kensington Mouse 1.1\MOUSE32A.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent
    O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
    O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "F:\sims\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = F:\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843003.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn285.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn286.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    Much Appreciated :)
     
    Dom,
    #1
  2. 2007/06/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Dom

    To start off have him run these in the order given and please follow the instructions exactly as given.

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Now download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

    Please post the two logs, run HJT again and post the new log.

    Thanks
    Geri
     
    Last edited: 2007/06/12
    Geri,
    #2

  4. 2007/06/13
    Dom

    Dom Inactive Thread Starter

    Weird, VundoFix didn't find problems :/

    AVG:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:57:09 13/06/2007

    + Scan result:



    C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1005\A1331762.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1005\A1332761.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1005\A1332783.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1006\A1332809.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1007\A1332850.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1007\A1332870.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1008\A1332912.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1009\A1332950.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1010\A1332976.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1011\A1333062.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1011\A1333466.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1012\A1333879.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1013\A1333902.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1014\A1333932.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1015\A1333996.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1016\A1334065.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1017\A1334112.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1019\A1334218.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1019\A1335216.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1020\A1335275.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1020\A1335296.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1020\A1336296.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1021\A1337298.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1022\A1338298.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1023\A1338355.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1024\A1338417.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1025\A1338455.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1026\A1338529.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1026\A1338546.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1026\A1338578.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1027\A1339581.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1027\A1339648.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1028\A1339688.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1028\A1339716.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1030\A1339745.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1030\A1339780.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1031\A1339816.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1032\A1339847.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1033\A1339867.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1034\A1339885.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1035\A1339947.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1036\A1339992.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1037\A1340009.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1037\A1340046.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1038\A1340079.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1039\A1340134.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1039\A1340168.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1039\A1340190.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1040\A1341191.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1041\A1341275.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1041\A1342276.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1043\A1342375.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1044\A1342398.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1044\A1342426.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1045\A1342454.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1045\A1342474.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1045\A1342519.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1045\A1343557.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1045\A1343588.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1046\A1343644.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1047\A1343692.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1048\A1343770.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1048\A1343821.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1048\A1343838.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1049\A1343873.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1050\A1343952.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1050\A1344952.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1051\A1344980.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1052\A1345042.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1054\A1345104.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1054\A1345136.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1055\A1345166.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1055\A1345197.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1056\A1345469.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1056\A1345482.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1056\A1345494.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1056\A1345503.dll -> Adware.Companion : Cleaned with backup (quarantined).

    *continues
     
    Last edited: 2007/06/13
    Dom,
    #3
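
Added example (not part of the original posts, and not code from any tool named in the thread): a Python triage script that parses AVG Anti-Spyware report lines in the format posted above, counts System Restore copies separately from live detections, and lists the HijackThis log lines that reference the same folders. The sample lines are excerpts from this thread's logs; the function names and the shared-folder heuristic are assumptions of this example.

```python
import ntpath  # Windows path rules, whatever OS the script runs on
import re
from collections import Counter

# Excerpts copied from the AVG report and HijackThis log in this thread.
AVG_REPORT = r"""
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1005\A1331762.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1005\A1332761.dll -> Adware.Companion : Cleaned with backup (quarantined).
"""

HJT_LOG = r"""
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent
"""

# "<target> -> <detection name> : <action>."
FINDING = re.compile(r"^(?P<target>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")
RESTORE = re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)
FILE_PATH = re.compile(r"^[a-z]:\\", re.I)
# Folders shared by many programs: matching on them would flag unrelated entries.
SHARED_DIR = re.compile(
    r"^[a-z]:\\(windows(\\.*)?|program files(\\common files)?)?$", re.I
)


def parse_avg_report(text):
    """Return (target, detection, action) for every finding line; skip headers."""
    findings = []
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if m:
            findings.append((m["target"], m["name"], m["action"]))
    return findings


def split_live_and_restore(findings):
    """Separate live detections from copies archived in System Restore points."""
    live, restore = [], Counter()
    for target, name, _action in findings:
        if RESTORE.match(target):
            restore[name] += 1
        else:
            live.append((target, name))
    return live, restore


def search_needle(target):
    """Path fragment to look for in the HJT log; None for registry targets.

    Heuristic (assumption): a target with a file extension is a file, so its
    folder is searched; in a shared folder only the exact path is searched.
    """
    if not FILE_PATH.match(target):
        return None
    is_file = bool(ntpath.splitext(target)[1])
    folder = ntpath.dirname(target) if is_file else target
    return target if SHARED_DIR.match(folder) else folder


def related_hjt_entries(hjt_text, findings):
    """HJT lines that mention a folder or file the scanner detected.

    Limitation: 8.3 short paths (C:\\PROGRA~1\\...) in the HJT log are not expanded.
    """
    live, _ = split_live_and_restore(findings)
    needles = {}
    for target, name in live:
        needle = search_needle(target)
        if needle:
            needles[needle.lower()] = name
    hits = []
    for line in hjt_text.splitlines():
        low = line.lower()
        for needle, name in needles.items():
            if needle in low:
                hits.append((name, line.strip()))
                break
    return hits


if __name__ == "__main__":
    findings = parse_avg_report(AVG_REPORT)
    live, restore = split_live_and_restore(findings)
    print("Live detections:")
    for target, name in live:
        print(f"  {name}: {target}")
    print("System Restore copies:", dict(restore))
    print("HijackThis entries pointing at detected folders:")
    for name, line in related_hjt_entries(HJT_LOG, findings):
        print(f"  [{name}] {line}")
```

Entries listed by `related_hjt_entries` are the ones to re-check in the follow-up HijackThis log after the scanner has quarantined the files.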
  5. 2007/06/13
    Dom

    Dom Inactive Thread Starter

    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1056\A1345511.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1345518.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1345686.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1346657.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1346686.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1346706.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1346715.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1346721.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1346731.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1346743.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1057\A1346749.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1058\A1346786.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1058\A1346816.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1058\A1346826.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1059\A1347831.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1059\A1347866.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1059\A1347872.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1059\A1348872.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1060\A1348890.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1060\A1348916.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1060\A1348933.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1061\A1348941.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1062\A1348962.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1062\A1349329.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1063\A1349511.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1064\A1349534.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6ABD6FD0-9DD3-431A-A20E-AABA487046FB}\RP1064\A1349543.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\WinAntiVirus Pro 2006\WAPPChk.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\Logs -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\Logs\Activate.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\Logs\incmp.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\Logs\update.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\Logs\winav.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\PGE.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\activator_info.txt -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\WinAntiVirus Pro 2006\avtasks.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\ASupdater.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\AWBase -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\AWBase\database -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\AWBase\database\SETB.tmp -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\AWBase\database\enemies.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\AWBase\vbpv.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Activate.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Activate.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Activate.xml -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Autoplay.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Bin.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\BkSites.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\CompWiz.exeoldold -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\aqwcaadv -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\crhpaikd -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\dkhhmdmq -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\dkhhmdmq\enemies.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\dkhhmdmq\enemies1140.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\dkhhmdmq\update.script -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\dkhhmdmq\vbpv.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\dwziycoj -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\dwziycoj\UADAILY.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\ekwewuem -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\ffaenhgs -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\flcyuatz -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\hqzdwwpz -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\ijbaffko -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\ixzrjzcf -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\kqkjulfc -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\nqgxmyrm -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\oofswouz -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\oofswouz\SCANKRNL.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\oradqntc -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\pmhuwbht -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\rofnxjqa -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\rofnxjqa\New.txt -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\rofnxjqa\WA6P2710.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\rofnxjqa\update.script -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\uqkahjel -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\xgrkfacx -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\xqswfsxr -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Download\xqswfsxr\SCANKRNL.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\EventsDB.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\InstHelp.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\License.rtf -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Manual.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Manual.xml -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\PGBase -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\PGBase\vbpv.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\PGUpLink.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\PGUpLst.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\PGupdater.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\RTasks.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Restart.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\RulSrv.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\SpOrder.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Support.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UBUpdater.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UnWiz.xml -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UpdateData -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd0115012007.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
     
    Dom,
    #4
  6. 2007/06/13
    Dom

    C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd1307022007.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd1705032007.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd1803042007.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd2027112006.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd2124122006.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd2127042007.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd2224052007.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\Updater.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\VAExt.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\WAV6COM.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\WinAV.xml -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\asmngr.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\atl71.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\avcom.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\bpdlink.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\bpupdater.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\chat.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\fat.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\fopn.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\fopn.sys -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\fopnl.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\history.db -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\iefwbho.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\incmp.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\index.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\install.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\kb.url -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\lapv.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\manual.pdf -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\mfc71.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\mfc71.dlloldoldold -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dlloldold -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\msvcr71.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\msvcr71.dlloldold -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\online.url -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\phigh.bin -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\BORLNDMM.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANADWR.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANBCDR.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANDLDR.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANDOS1.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANEMUL.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANFUNC.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANKRNL.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANMCR1.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANOTHR.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANSCR.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANTOOL.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANTROJ.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\SCANWIN1.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UNACPU.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UNADBX.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UNMIME.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UNPACKS.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UNPACKS2.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UNPEPACK.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27301.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27302.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27303.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27304.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27305.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27306.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27307.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27308.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27401.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27402.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27403.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27404.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27405.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27406.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27407.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27408.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27409.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27410.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27411.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27412.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27501.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27502.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27503.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27504.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27505.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27506.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27507.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27601.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27602.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27603.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UA27604.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\UpDate\UADAILY.DLL -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\rbho.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\unamscan.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\plugins\vbpv.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\pmedium.bin -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\prc.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\prerules.xml -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\programs.bin -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\ps.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\pv.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\qf.pdf -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\res -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\res\cross.gif -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\res\wa6p.gif -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\rpt.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\settings.bin -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\settings.ini -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\sqlite3.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\sr.log -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\st.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\support.ico -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\unins000.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\unins000.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\uninstall.ico -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\unwizard.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\up.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\updater.dat -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\winav.ini -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll.bakold -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\Program Files\WinAntiVirus Pro 2006\worldmap.swf -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\av.cpl -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drivers\FOPN.sys -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\stera.exe -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\{367A86A5-D048-4785-86BE-4E2706AAFDD9} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinAntiVirusPro2006 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B5141620-C2B2-4D95-9F0F-134D99C87AB0} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-59D4-4008-9058-080011001200} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Companion Wizard\compwiz.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WinAntiVirus Pro 2006\UpdDownload -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\FWSvc -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\WinAntiVirus Pro 2006\DefaultSettings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\WinAntiVirus Pro 2006\Settings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    HKU\S-1-5-21-796845957-1425521274-725345543-1003\Software\WinAntiVirus Pro 2006\Settings2 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbn285.exe -> Dialer.Juicy : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gbn285.exe -> Dialer.Juicy : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\gbn285.exe -> Dialer.Juicy : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pinst.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Application Data\winantiviruspro2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\Gillian\Cookies\gillian@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@cancertreatmentcenter.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@care2.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@journalregistercompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
     
    Dom,
    #5
  7. 2007/06/13
    Dom

    C:\Documents and Settings\Gillian\Cookies\gillian@metacafe.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@microsoftgamestudio.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@powellsbooks.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@propertyfinderltd.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@redcatsuk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@spiketv.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@torstardigital.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@wpni.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ads.adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@atdmt[4].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@atdmt[7].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@atdmt[8].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@atdmt[9].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@CAP4WVPP.txt -> TrackingCookie.Clickbank : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ads.cnn[2].txt -> TrackingCookie.Cnn : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ads.guardian.co[1].txt -> TrackingCookie.Co : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@CAQFW9Y7.txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6walisldzgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wfkouoczkao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wfliepd5kkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wfloahcjwhp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wfmycodpekp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wgk4updpseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wgkiejajmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wglighd5kao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wglisgc5wlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6whkogncjiap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wjkogjazagp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wjkoqnczwkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wjkyqpd5icp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wjl4ckajwkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wjloaiczsfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wjloqoc5mfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wjlyalczmcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@e-2dj6wjnyeidjago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-aspca.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-autotrader.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-bbc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-betterphoto.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-digg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-esa.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-foundation.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-foxmovies.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-futurepub.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-independent.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-jgdreamarts.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-legonewyorkinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-moma.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-newscientist.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-playboy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-reed.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-rodale.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-sothebys.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-space.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-systemax.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-tekzoned.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-tfl.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-tiscover.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-ufi.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-vcommercecorporation.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-youtube.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ehg-zoom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@oewabox[1].txt -> TrackingCookie.Oewabox : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@CABQSJVT.txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ads-205.quarterserver[1].txt -> TrackingCookie.Quarterserver : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@uk.real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@anad.tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Gillian\Cookies\gillian@c2.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end
     
    Dom,
    #6
  8. 2007/06/13
    Dom

    And HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:36:42, on 13/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Kensington\Kensington Mouse 1.1\MOUSE32A.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = leed-cache-1.server.ntli.net:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tzreypthe] C:\WINDOWS\System32\zpjqvh.exe
    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [gxmjiv] C:\WINDOWS\gxmjiv.exe
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46 "
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Kensington\Kensington Mouse 1.1\MOUSE32A.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "F:\sims\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = F:\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843003.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn285.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn286.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    Sorry about so many posts, wouldn't let me put it all in one :eek:
     
    Dom,
    #7
  9. 2007/06/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    WOW:eek:

    Please go to add/remove programs and remove these if present:

    MessengerPlus3
    WinAntiVirus pro

    Please run AVG anti-spyware again as before. (No need to post the log)

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\System32\zpjqvh.exe
      C:\WINDOWS\gxmjiv.exe



    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = leed-cache-1.server.ntli.net:8080
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [tzreypthe] C:\WINDOWS\System32\zpjqvh.exe
    O4 - HKLM\..\Run: [gxmjiv] C:\WINDOWS\gxmjiv.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
    O4 - HKCU\..\Run: [MessengerPlus3] "F:\sims\MsgPlus.exe" /WinStart
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843003.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn285.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn286.exe



    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Reboot into safe mode.
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Common Files\WinAntiVirus Pro 2006

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\System32\zpjqvh.exe
    C:\WINDOWS\gxmjiv.exe


    After that, Reboot.

    Please post a New HJT Log into this Thread.

    Thanks
    Geri
     
    Geri,
    #8
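A helper-side check for the fix procedure above, as an added example that is not part of the original thread: it parses HijackThis entry lines, confirms that each line of a fix list exists in the earlier log, and reports which ones still appear in a later log. The function names are hypothetical; the three sample texts are short excerpts based on the posts in this thread (the stray space in "Int ernet" is kept in the fix-list sample to exercise the whitespace folding), so the result covers only the lines shown.

```python
from __future__ import annotations

import re
from typing import NamedTuple


class HjtEntry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1", "O4", "O16"
    key: str      # entry text with case and all whitespace folded away
    raw: str      # the line as posted, for reporting


# An entry line is "<section> - <text>": a letter plus one or two digits.
_ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(\S.*?)\s*$")


def parse_hjt(text: str) -> list[HjtEntry]:
    """Extract entry lines; headers and running-process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            # Pasted forum text can pick up a stray space inside a long
            # token, so compare with whitespace removed. Trade-off: two
            # entries differing only in spacing are treated as the same.
            key = re.sub(r"\s+", "", m.group(2)).lower()
            entries.append(HjtEntry(m.group(1), key, line.strip()))
    return entries


def check_fix(fix_list: str, before_log: str, after_log: str) -> dict:
    """Classify each fix-list line as unmatched (not in the earlier log,
    likely a paste error), remaining (still in the later log) or removed."""
    before = {(e.section, e.key) for e in parse_hjt(before_log)}
    after = {(e.section, e.key) for e in parse_hjt(after_log)}
    report = {"unmatched": [], "remaining": [], "removed": []}
    for e in parse_hjt(fix_list):
        ident = (e.section, e.key)
        if ident not in before:
            report["unmatched"].append(e.raw)
        elif ident in after:
            report["remaining"].append(e.raw)
        else:
            report["removed"].append(e.raw)
    return report


# Sample input: excerpts based on the posts in this thread (R, O2 and O4
# lines only), not complete logs.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = leed-cache-1.server.ntli.net:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [tzreypthe] C:\WINDOWS\System32\zpjqvh.exe
O4 - HKLM\..\Run: [gxmjiv] C:\WINDOWS\gxmjiv.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
O4 - HKCU\..\Run: [MessengerPlus3] "F:\sims\MsgPlus.exe" /WinStart
"""

BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:36:42, on 13/06/2007

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = leed-cache-1.server.ntli.net:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [tzreypthe] C:\WINDOWS\System32\zpjqvh.exe
O4 - HKLM\..\Run: [gxmjiv] C:\WINDOWS\gxmjiv.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [wa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "F:\sims\MsgPlus.exe" /WinStart
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:38:16, on 14/06/2007

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for status, lines in check_fix(FIX_LIST, BEFORE_LOG, AFTER_LOG).items():
        print(status, *lines, sep="\n  ")
```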
  10. 2007/06/14
    Dom

    OK, here's the fresh HJT :)

    Logfile of HijackThis v1.99.1
    Scan saved at 20:38:16, on 14/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Kensington\Kensington Mouse 1.1\MOUSE32A.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46 "
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Kensington\Kensington Mouse 1.1\MOUSE32A.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = F:\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
    Dom,
    #9
  11. 2007/06/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dom
    OK that log looks clean.

    Let's get an on-line scan just to check.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    How is his machine running? Any warnings/problems?
    Let me know.


    If no problems, here is the next step.

    We have just a few more things to do, mostly maintenance and then our recommendations:

    Delete all your cookies, and empty your recycle bin. (ATF Cleaner is good for this.) But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they, too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion. It is very rare that anything significant is ever found.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - A powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    5. IE-SpyAd - puts over 23,000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all,
      and MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    6. Install WinPatrol to prevent unknown applications from being inserted to start up on your machine.

      Now just because you have security apps installed, they are useless unless updated regularly.

    7. Another thing I would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and, while not foolproof, is a good additional layer of information about many sites.

    8. ATF Cleaner by Atribune.
      This program is for XP and Windows 2000 only. It cleans out temporary files, all the garbage you collect while surfing the web.

    9. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    10. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
    11. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

    Surf Safely
    Geri
     
    Last edited: 2007/06/14
