Author Topic: Major problems with performance and adaware (Read 808 times)

Enchantingsylph · « **on:** February 18, 2006, 02:18:25 AM »

My computer is taking forever to start up and is running very slow. I cannot get ewido to run in safe mode because it starts up but minimizes and I cannot get it to show.

After removing the alcan.a worm I installed symantec antivirus and it found what it calls alcara.b and a trojan horse with no name. I ran the removal tools again for the alcan worm. There was also an entry in symantec for something that was quarantined but the title of the object was blank. The file name was Dc52.zip

i have tracking cookies from so many places I dont know where to begin.

WhenU.SaveNow seems to installed with bearshare and has several entries in hkey_local maching\software\classes section which may or may not be the problem. I uninstalled bearshare anyway since it never would work right.

I constantly have cookies from tribalfusion.com, fastclick.com, doubleclick and places that I dont visit ever on purpose.

Today's Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 12:13:33 AM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Yahoo!\YPSR\ypsr.exe
C:\Documents and Settings\Thomas\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.localnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LocalNet
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\LocalNet Express 2.0\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BitPump] "C:\Program Files\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\LocalNet Express 2.0\pac-addwl.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\BitPump\ieint.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\LocalNet Express 2.0\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\LocalNet Express 2.0\pac-image.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.localnet.com/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/downl...lscbase2213.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

ADAWARE QUARANTINE LOG:

ArchiveData(auto-quarantine- 2006-02-18 00-52-43.bckp)
Referencefile : SE1R92 14.02.2006
======================================================

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=IECache Entry : Cookie:[email protected]/
obj[1]=IECache Entry : Cookie:[email protected]/
obj[2]=IECache Entry : Cookie:[email protected]/
obj[3]=IECache Entry : Cookie:[email protected]/
obj[4]=IECache Entry : Cookie:[email protected]/
obj[5]=IECache Entry : Cookie:[email protected]/
obj[6]=IECache Entry : Cookie:[email protected]/
obj[7]=IECache Entry : Cookie:[email protected]/
obj[8]=IECache Entry : Cookie:[email protected]/
obj[9]=IECache Entry : Cookie:[email protected]/
obj[10]=IECache Entry : Cookie:[email protected]/
obj[11]=IECache Entry : Cookie:[email protected]/
obj[12]=IECache Entry : Cookie:[email protected]/
obj[13]=IECache Entry : Cookie:[email protected]/
obj[14]=IECache Entry : Cookie:[email protected]/
obj[15]=IECache Entry : Cookie:[email protected]/
obj[16]=IECache Entry : Cookie:[email protected]/
obj[17]=IECache Entry : Cookie:[email protected]/
obj[18]=IECache Entry : Cookie:[email protected]/
obj[19]=IECache Entry : Cookie:[email protected]/cgi-bin
obj[20]=IECache Entry : Cookie:[email protected]/
obj[21]=IECache Entry : Cookie:[email protected]/
obj[22]=IECache Entry : Cookie:[email protected]/
obj[23]=IECache Entry : Cookie:[email protected]/
obj[24]=IECache Entry : Cookie:[email protected]/
obj[25]=IECache Entry : Cookie:[email protected]/
obj[26]=IECache Entry : Cookie:[email protected]/
obj[27]=IECache Entry : Cookie:[email protected]/
obj[28]=IECache Entry : Cookie:[email protected]/cgi-bin
obj[29]=IECache Entry : Cookie:[email protected]/
obj[30]=IECache Entry : Cookie:[email protected]/
obj[31]=IECache Entry : Cookie:[email protected]/
obj[32]=IECache Entry : Cookie:[email protected]/
obj[33]=IECache Entry : Cookie:[email protected]/
obj[34]=IECache Entry : Cookie:[email protected]/
obj[35]=IECache Entry : Cookie:[email protected]/
obj[36]=IECache Entry : Cookie:[email protected]/
obj[37]=IECache Entry : Cookie:[email protected]/
obj[38]=IECache Entry : Cookie:[email protected]/
obj[39]=IECache Entry : Cookie:[email protected]/
obj[40]=IECache Entry : Cookie:[email protected]/
obj[41]=IECache Entry : Cookie:[email protected]/
obj[42]=IECache Entry : Cookie:[email protected]/adrevolver/
obj[43]=IECache Entry : Cookie:[email protected]/
obj[44]=IECache Entry : Cookie:[email protected]/
obj[45]=IECache Entry : Cookie:[email protected]/
obj[46]=IECache Entry : Cookie:[email protected]/
obj[47]=IECache Entry : Cookie:[email protected]/
obj[48]=IECache Entry : Cookie:[email protected]/
obj[49]=IECache Entry : Cookie:[email protected]/
obj[50]=IECache Entry : Cookie:[email protected]/
obj[51]=IECache Entry : Cookie:[email protected]/

guestolo · « **Reply #1 on:** February 19, 2006, 09:01:12 AM »

==Download and save WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive
Close out after

Reboot back to Normal mode

Why don't you run Ewido in Normal mode
Beforehand
Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")

Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Post back the following
1. report from Ewido
2. fresh hijackthis log please
3. Post the results of the WindPFind.txt located in the WinPFind folder

Enchantingsylph · « **Reply #2 on:** February 19, 2006, 10:19:07 PM »

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         9:08:47 PM, 2/19/2006
+ Report-Checksum:      C05A4367

+ Scan result:

   C:\Documents and Settings\Thomas\Cookies\thomas@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\thomas@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   C:\Documents and Settings\Thomas\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> TrackingCookie.Burstnet : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> TrackingCookie.Com : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Zedo : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup

::Report End

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/22/2004 4:04:56 PM 69120 C:\WINDOWS\daemon.dll

Checking %System% folder...
UPX! 12/20/2005 6:21:38 AM 481280 C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 2/7/2006 11:23:40 PM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2/7/2006 11:23:40 PM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 11/28/2003 9:21:00 AM 1301704 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/19/2006 7:45:28 PM S 2048 C:\WINDOWS\bootstat.dat
2/9/2006 10:18:34 AM H 54156 C:\WINDOWS\QTFont.qfn
2/6/2006 10:50:26 PM HS 8192 C:\WINDOWS\Thumbs.db
2/17/2006 1:06:08 AM H 65728 C:\WINDOWS\Minidump\Mini021706-01.dmp
2/19/2006 12:42:00 AM H 38360 C:\WINDOWS\system32\vsconfig.xml
2/18/2006 10:35:34 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
1/3/2006 1:17:06 PM S 8792 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911564.cat
1/13/2006 12:34:32 PM S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
1/3/2006 11:39:38 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911927.cat
1/2/2006 5:09:36 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/13/2006 1:28:32 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913446.cat
2/19/2006 7:45:18 PM H 8192 C:\WINDOWS\system32\config\default.LOG
2/19/2006 7:45:34 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
2/19/2006 7:45:30 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
2/19/2006 7:45:38 PM H 86016 C:\WINDOWS\system32\config\software.LOG
2/19/2006 7:45:36 PM H 966656 C:\WINDOWS\system32\config\system.LOG
2/15/2006 9:57:14 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
1/15/2006 9:34:12 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\41452ec5-8f4e-4473-a5ed-bfcd1484e21c
1/15/2006 9:34:12 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
2/19/2006 7:41:58 PM H 6 C:\WINDOWS\Tasks\SA.DAT
2/18/2006 2:50:48 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1LS07YCX\desktop.ini
2/18/2006 2:50:48 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GZF0QZAO\desktop.ini
2/18/2006 2:50:48 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K2QM63PH\desktop.ini
2/18/2006 2:50:48 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K9UIA9V3\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 7/17/2003 6:40:08 PM 745472 C:\WINDOWS\SYSTEM32\BCMWLCPL.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 12/14/2003 11:20:50 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
8/11/2003 1:11:00 PM 401408 C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft 3/2/1999 5:10:02 PM 49152 C:\WINDOWS\SYSTEM32\speech.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
1/13/2004 5:15:28 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/12/2004 9:07:44 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
1/13/2004 5:15:28 AM HS 84 C:\Documents and Settings\Thomas\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/16/2005 6:31:44 AM 1219 C:\Documents and Settings\Thomas\Application Data\AdobeDLM.log
1/12/2004 9:07:44 PM HS 62 C:\Documents and Settings\Thomas\Application Data\desktop.ini
7/16/2005 6:31:44 AM 0 C:\Documents and Settings\Thomas\Application Data\dm.ini
11/18/2005 7:42:02 PM 38824 C:\Documents and Settings\Thomas\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   SV1    =
   LocalNet3    = IEAKLocalNet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZLAVShExt
   {D9872D13-7651-4471-9EEE-F0A00218BEBB}    = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZLAVShExt
   {D9872D13-7651-4471-9EEE-F0A00218BEBB}    = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
   Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
   Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656EC4B7-072B-4698-B504-2A414C1F0037}
   IE_PopupBlocker Class = C:\Program Files\LocalNet Express 2.0\prpl_IePopupBlocker.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
   SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
   Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
   {2318C2B1-4965-11d4-9B18-009027A5CD4F}    = &Google   : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
   ButtonText    = Yahoo! Services   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
   Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   SynTPLpr   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
   SynTPEnh   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   RemoteControl   "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
   Creative WebCam Tray   C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
   SunJavaUpdateSched   C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
   BitPump   "C:\Program Files\BitPump\bitpump.exe" /VerifySettings
   ccApp   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   vptray   C:\PROGRA~1\SYMANT~1\VPTray.exe
   NeroFilterCheck   C:\WINDOWS\system32\NeroCheck.exe
   Zone Labs Client   C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
   srePostpone   rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   Power2GoExpress
   Yahoo! Pager   C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
   ctfmon.exe   C:\WINDOWS\system32\ctfmon.exe
   NBJ   "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
   Creative Detector   C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption
   legalnoticetext
   shutdownwithoutlogon   1
   undockwithoutlogon   1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder    {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn    {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck    {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray     {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
   UPnPMonitor     {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
    = C:\WINDOWS\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2/19/2006 7:53:09 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:18:52 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.localnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LocalNet
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\LocalNet Express 2.0\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BitPump] "C:\Program Files\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\LocalNet Express 2.0\pac-addwl.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\BitPump\ieint.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\LocalNet Express 2.0\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\LocalNet Express 2.0\pac-image.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.localnet.com/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/downl...lscbase2213.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Enchantingsylph · « **Reply #3 on:** February 24, 2006, 04:03:48 PM »

Hey guestolo, do you see anything wrong from what you had me report back to you?

guestolo · « **Reply #4 on:** February 25, 2006, 12:02:42 PM »

Very sorry for the delay
I don't see much wrong
But let's run Metallica's script to ensure any remnants are gone

First, can you do the following

==Download and Install
Windows Cleanup! 4.0

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

*Install SpywareBlaster 3.5.1 by JavaCool[/url]

After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

When I ask you too download a zip file, make sure you choose SAVE TO DISK rather than Open
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU

Please download Brute Force Uninstaller
Reminder, choose SAVE rather than OPEN
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe

[color=\"#CC0000\"]RIGHT CLICK HERE[/color]
and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\p2pnetwork.bfu

Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the C:\BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.

Reboot the computer
You can then go and delete the BFU folder

Do you have Spybot 1.4 installed?
It's a great tool, works well with Ad-Aware

TheTechGuide Forum

News:

Author Topic: Major problems with performance and adaware (Read 808 times)

Enchantingsylph

Major problems with performance and adaware

guestolo

Major problems with performance and adaware

Enchantingsylph

Major problems with performance and adaware

Enchantingsylph

Major problems with performance and adaware

guestolo

Major problems with performance and adaware