Topic: Solved: HTTP LOP Toolbar Activity - Help Required
   
PostTime: 12/16/2008 6:21:14 PM

Hi Guys,

Today I have had some spyware/adware hit the PC.

Following a little research, it appears I'm infected with HTTP LOP Toolbar Activity (as per Norton).

I have completed a scan, in which Norton has not found anything.

I have run a scan with AVG and that found an issue which it resolved.

The program which infected me was some 3gvideoplayer.

Below I have attached a copy of the log file from HijackThis.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:34, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Program Files\Common Files\Symantec Shared\SecurityHistory\mcui32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Enc Junk.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Stopslow] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AMENBA~1\Owns dog book.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://www.sm4wdq.com/webcam/NetCamPlayerWeb11g.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166320821891
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.23.40.122/activex/AxisCamControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12529 bytes





Below is a copy of the startup log from HijackThis.

I checked off the 2 boxes next to the box that says "Generate StartupList log".

See below.




StartupList report, 25/09/2007, 18:46:15
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Program Files\Common Files\Symantec Shared\SecurityHistory\mcui32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ftutil2 = rundll32.exe ftutil2.dll,SetWriteCacheMode
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
PCDrProfiler =
AnyDVD = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe"
Symantec PIF AlertEng = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
axis web cake second = C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Enc Junk.exe
SpyHunter = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Stopslow = C:\DOCUME~1\COMPAQ~1\APPLIC~1\AMENBA~1\Owns dog book.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
(no name) - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
Norton Internet Security 2006 - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job
Norton Internet Security - Run Full System Scan - Compaq_Owner.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary...r.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB

[NetCamPlayerWeb11g Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\NETCAM~1.OCX
CODEBASE = http://www.sm4wdq.com/webcam/NetCamPlayerWeb11g.ocx

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab

[UnoCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
CODEBASE = http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onecare.live.com/res...scbase8300.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsu...?1166320821891

[Symantec Download Manager]
InProcServer32 = C:\Program Files\Symantec Technical Support\controls\symdlmgr.dll
CODEBASE = https://webdl.symantec.com/activex/symdlmgr.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary...t.cab31267.cab

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://194.23.40.122/activex/AxisCamControl.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SyKnAppS\128352157401718750_A77546E9 -6B8E-11DC-B47D-001731241CC0.TMP2

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 9,280 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



Your help will be most welcomed.

Thanks

RickT
 
     
   
PostTime: 12/16/2008 6:43:21 PM | Floor# 1
LOG CONTINUED DUE TO CHARACTER MAX LIMIT.

SUPERAntiSpyware Scan Log - 09-25-2007 - 20-15-20

################################



C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@dcsgoplte64xo24eg5ijloz0x_4d4t[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1070310280[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@redrow[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wblyuodpabq.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1071964105[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@spiritofnature1.tripod[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.labpixies[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfliemajkgo.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data1.perf.overture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@m1.webstats.motigo[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-christiandior.hitbox[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mamasandpapas[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1068068415[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1071262967[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-associatednewmedia.hitbox[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-foxsports.hitbox[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@track.adform[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6whl4gncjwfo.stats.esomniture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjkykndjsdo.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1070414993[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@view-6851[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@view-6892[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@creview.adbureau[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@thecyclepeople.advertserve[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfliokazccq.stats.esomniture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.techguy[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1063712397[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats.sphere[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@redrow[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pr.valueclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wgkyojd5ehp.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1069815557[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@admse013.adbureau[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@hotelscom.122.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1060204444[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-bestwestern.hitbox[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pistonheads[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@iframe.mediaplazza[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@dcskzw9b87mbvp4ejoyvlnmt0_8o1k[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.mycarstats[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@budgetcarhire.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@feed[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@socialmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfkowncjgeq.stats.esomniture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@dealtime.co[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@fortunecity[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjliqhczgeo.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1070299046[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnservices.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@haymarket[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adultfriendfinder[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@rocku.adbureau[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.virginmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@view.atdmt[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@click_track[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@toplist[1].txt
 
     
   
Gender PostTime:12/16/2008 7:18:16 PM Point:0 | Floor# 2
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HijackThis: mark them, close IE, click Fix checked.

O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Enc Junk.exe

Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.
Be sure to note the EXACT spelling of the file.

C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Start > Run, type in %temp%, click OK, then Edit > Select All, File > Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode



How are things on the PC???????????
 
     
   
Gender PostTime:12/16/2008 7:56:51 PM Point:0 | Floor# 3
And below is the HIJACKLIST LOG.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:02, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Enc Junk.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://www.sm4wdq.com/webcam/NetCamPlayerWeb11g.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166320821891
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.23.40.122/activex/AxisCamControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12166 bytes


Thank you.

RickT
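The triage the helper does by eye on the HijackThis log above, as an added Python example that is not part of the original thread or of HijackThis itself: it flags O4 autoruns that launch from an Application Data directory and entries marked "(no file)" or "(file missing)", then checks which findings persist in a follow-up log. The flagging rules are assumptions modelled on the one entry singled out in this thread, and AFTER is a constructed stand-in for the fresh log.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread (a subset).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Enc Junk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""

# Constructed follow-up log: the same lines with the fixed Run entry gone.
AFTER = "\n".join(
    line for line in BEFORE.splitlines() if "[axis web cake second]" not in line
)

LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")
EXECUTABLE = re.compile(r"(.+?\.(?:exe|dll|bat|cmd|scr))(?=\s|$)", re.I)
# Assumed heuristic: autoruns normally live under Program Files or WINDOWS,
# so a Run target inside an Application Data tree deserves a manual look.
PROFILE_DIR = re.compile(r"\\(?:Application Data|AppData)\\", re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def autorun_target(body):
    """Return the executable path an O4 entry launches, or None."""
    # Registry form: 'HKLM\..\Run: [name] command'
    # Startup-folder form: 'Global Startup: shortcut.lnk = command'
    m = re.match(r".*?: \[[^\]]*\] (.+)$", body) or re.match(r".*?: .+? = (.+)$", body)
    if not m:
        return None
    command = USER_SUFFIX.sub("", m.group(1)).strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote.
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable
    # extension that is followed by whitespace or the end of the line.
    hit = EXECUTABLE.match(command)
    return hit.group(1) if hit else command


def triage(log_text):
    """Return the entries of a HijackThis log that merit manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(section, "target file is missing", line))
        if section == "O4":
            target = autorun_target(body)
            if target and PROFILE_DIR.search(target):
                findings.append(
                    Finding(section, "autorun from an Application Data directory", line)
                )
    return findings


def persisting(before, after):
    """Findings from the first log whose exact line is still in the second."""
    after_lines = {line.strip() for line in after.splitlines()}
    return [f for f in triage(before) if f.line in after_lines]


if __name__ == "__main__":
    for f in triage(BEFORE):
        print(f"{f.section}: {f.reason}\n    {f.line}")
    print("Still present after the fix:", [f.section for f in persisting(BEFORE, AFTER)])
```
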
 
     
   
Gender PostTime:12/16/2008 9:23:49 PM Point:0 | Floor# 4
Thank you. I will abort what I'm doing now and follow your guide above, ensuring the check boxes are all ticked in the right places etc.

Thank you for your time.
RickT
 
     
   
Gender PostTime:12/16/2008 9:47:07 PM Point:0 | Floor# 5
Please Download NoLop to your desktop from

http://www.thespykiller.co.uk/index....tpmod;dl=get16

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected. Click OK.
Now click the "REBOOT" button.
A message should pop up from NoLop. If not, double-click the program again and it will finish.
Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download http://www.boletrice.com/downloads/mscomctl.ocx to your system32 folder then rerun the program. -
==================

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/supe...freevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me regardless of what it finds with a new HijackThis log.

This will take some time!!!!!!!!
 
     
   
Gender PostTime:12/16/2008 9:47:44 PM Point:0 | Floor# 6
Below is a copy of the nolop log file following the scan, no infections were found and a reboot was not required.

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Compaq_Owner\Desktop
[25/09/2007]
[19:16:06]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Autodata Limited
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Downloaded Installations
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Sky
C:\Documents and Settings\All Users\Application Data\Skyline
C:\Documents and Settings\All Users\Application Data\Sonic
C:\Documents and Settings\All Users\Application Data\Superantispyware.com
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Compaq_owner\Application Data\Acccore
C:\Documents and Settings\Compaq_owner\Application Data\Adobe
C:\Documents and Settings\Compaq_owner\Application Data\Adobeum
C:\Documents and Settings\Compaq_owner\Application Data\Ahead
C:\Documents and Settings\Compaq_owner\Application Data\Amen Bat Does
C:\Documents and Settings\Compaq_owner\Application Data\Apple Computer
C:\Documents and Settings\Compaq_owner\Application Data\Avg7
C:\Documents and Settings\Compaq_owner\Application Data\Azureus
C:\Documents and Settings\Compaq_owner\Application Data\Bittorrent
C:\Documents and Settings\Compaq_owner\Application Data\Cyberlink
C:\Documents and Settings\Compaq_owner\Application Data\Datalayer
C:\Documents and Settings\Compaq_owner\Application Data\Diino -- EMPTY Directory
C:\Documents and Settings\Compaq_owner\Application Data\Dna
C:\Documents and Settings\Compaq_owner\Application Data\Dvdcss
C:\Documents and Settings\Compaq_owner\Application Data\Google
C:\Documents and Settings\Compaq_owner\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Compaq_owner\Application Data\Hp
C:\Documents and Settings\Compaq_owner\Application Data\Hpq
C:\Documents and Settings\Compaq_owner\Application Data\Icaclient -- EMPTY Directory
C:\Documents and Settings\Compaq_owner\Application Data\Identities
C:\Documents and Settings\Compaq_owner\Application Data\Iespell
C:\Documents and Settings\Compaq_owner\Application Data\Installshield
C:\Documents and Settings\Compaq_owner\Application Data\Kontiki
C:\Documents and Settings\Compaq_owner\Application Data\Leadertech
C:\Documents and Settings\Compaq_owner\Application Data\Limewire
C:\Documents and Settings\Compaq_owner\Application Data\Macromedia
C:\Documents and Settings\Compaq_owner\Application Data\Microsoft
C:\Documents and Settings\Compaq_owner\Application Data\Mozilla
C:\Documents and Settings\Compaq_owner\Application Data\Nero
C:\Documents and Settings\Compaq_owner\Application Data\Newsbin -- EMPTY Directory
C:\Documents and Settings\Compaq_owner\Application Data\Nokia
C:\Documents and Settings\Compaq_owner\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Compaq_owner\Application Data\Pc Suite
C:\Documents and Settings\Compaq_owner\Application Data\Real
C:\Documents and Settings\Compaq_owner\Application Data\Sonic
C:\Documents and Settings\Compaq_owner\Application Data\Sun
C:\Documents and Settings\Compaq_owner\Application Data\Superantispyware.com
C:\Documents and Settings\Compaq_owner\Application Data\Template
C:\Documents and Settings\Compaq_owner\Application Data\Viewpoint
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Localservice\Application Data\Ahead
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft






#################################


Fresh HIJACKTHIS log following the above.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:13, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\NoLop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Enc Junk.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Stopslow] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AMENBA~1\Owns dog book.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://www.sm4wdq.com/webcam/NetCamPlayerWeb11g.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166320821891
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.23.40.122/activex/AxisCamControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12649 bytes


####################

I will start the Antispyware check in 1 min.

I will be back soon with the results etc.

Thanks again.

RickT
 
     
   
Gender PostTime:12/16/2008 9:59:04 PM Point:0 | Floor# 7
Clean
If you feel it is fixed, mark it solved via Thread Tools above.

Clear restore points; here's how:

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

You will turn them off, boot, then turn them on.

This clears infected restore points and sets a new, clean one.
 
     
   
Gender PostTime:12/16/2008 10:49:14 PM Point:0 | Floor# 8
Hi there,

All seems to be working well now,

I would like to thank you for your time and getting this resolved so fast!!

Thanks Again!

If you ever need any help with a VAG car, i.e. Audi, VW, Seat, Skoda, give us a shout on www.vwaudiforum.co.uk.

RickT
 
     
   
Gender PostTime:12/16/2008 11:12:28 PM Point:0 | Floor# 9
Hi there,

Below is a copy of the SUPERAntiSpyware Scan Log following the full system scan.
Below the SUPERAntiSpyware Scan Log file, I have placed a NEW HijackThis log run after the reboot.
Around 500 infected files were located; I have attached a basic screen dump below.

One thing which I was concerned about was that following the reboot after the SUPERAntiSpyware scan, the PC would not boot up. I got the F8 start-up menu, selected normal, and this looped; the PC restarted when it got to the stage where you would get the welcome splash screen.

I attempted to let the PC reboot but this failed approx. 5 times. I then reverted to the last good config settings, and I'm unsure if that would have caused any issues following the deletion of files.

Anyway, the last known config worked and here I am.

Your advice will be welcomed.

Thank you.
(I have had to place the logs over to replies due to the max character text length of 3000.)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/25/2007 at 08:15 PM

Application Version : 3.9.1008

Core Rules Database Version : 3312
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 00:52:02

Memory items scanned : 546
Memory threats detected : 0
Registry items scanned : 8373
Registry threats detected : 1
File items scanned : 43168
File threats detected : 440

Adware.Lop-Variant
[Stopslow] C:\DOCUME~1\COMPAQ~1\APPLIC~1\AMENBA~1\OWNS DOG BOOK.EXE
C:\DOCUME~1\COMPAQ~1\APPLIC~1\AMENBA~1\OWNS DOG BOOK.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BOOK SLOW AXIS WEB\ENC JUNK.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\AMEN BAT DOES\OWNS DOG BOOK.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\AMEN BAT DOES\PUBUOHSK.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\LOCAL SETTINGS\TEMP\BISE82.EXE
C:\WINDOWS\Prefetch\ENC JUNK.EXE-3377A071.pf
C:\WINDOWS\Prefetch\OWNS DOG BOOK.EXE-0058BBAF.pf

Adware.Tracking Cookie


##########

LOG TO CONTINUE IN NEXT POST

##########
 
     
   
PostTime:12/17/2008 12:33:20 AM Point:0 | Floor# 10
Hi,

I have completed the above word for word, apart from not having the option of clearing the Recycle Bin in Safe Mode. (Checked it now back in normal mode and it's empty.)

Below is a copy of the latest HijackThis log taken following the reboot back in normal mode.

Thank you!

RickT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:09, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://www.sm4wdq.com/webcam/NetCamPlayerWeb11g.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166320821891
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.23.40.122/activex/AxisCamControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12024 bytes
 
     