Author Topic: Help required.

Offline Zaigar

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
« Reply #20 on: December 07, 2006, 03:51:54 AM »
Here is the log that you have requested.

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Thursday, December 07, 2006 12:50:42 AM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.83.0
 Kaspersky Anti-Virus database last update:  7/12/2006
 Kaspersky Anti-Virus database records: 248675
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\

Scan Statistics:
   Total number of scanned objects: 123087
   Number of viruses found: 16
   Number of infected objects: 28 / 0
   Number of suspicious objects: 0
   Duration of the scan process: 02:06:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Zaigar's Realm\My Documents\Games\Home\My Documents\Worms2-dm.exe   Infected: not-a-virus:AdWare.Win32.Trymedia.a   skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WPE PRO.exe   Infected: Sniffer.Win32.WpePro.a   skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WpeSpy.dll   Infected: Sniffer.Win32.WpePro.a   skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar   RAR: infected - 2   skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WPE PRO.exe   Infected: Sniffer.Win32.WpePro.a   skipped
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WpeSpy.dll   Infected: Sniffer.Win32.WpePro.a   skipped
C:\Documents and Settings\Zaigar's Realm\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\Zaigar's Realm\ntuser.dat.LOG   Object is locked   skipped
C:\mIRCStormV2.0.0\backup\mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.616   skipped
C:\mIRCStormV2.0.0\mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.617   skipped
C:\Program Files\AlienHead7.0\AlienHead 7.0.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.603   skipped
C:\Program Files\AlienHead7.0\Files\protection.mrc   Infected: Backdoor.IRC.Logare   skipped
C:\Program Files\HijackThis\backups\backup-20061204-011535-640.dll   Infected: not-a-virus:AdWare.Win32.Agent.b   skipped
C:\Program Files\MediaGateway\Updater.exe   Infected: not-a-virus:AdTool.Win32.WinAD.bv   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713AB7228F1-98F2-4D9A-85C0-6E9284   Infected: not-a-virus:AdWare.Win32.NewDotNet.e   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\45ADC0BF-4F3F-4398-9EFE-8AA3D4   Infected: not-a-virus:AdWare.Win32.NewDotNet   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\CD73EA9C-76C0-4524-81E3-7A8FBA   Infected: not-a-virus:AdWare.Win32.NewDotNet   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA3096233-388E-4FDE-AA34-843AFE   Infected: not-a-virus:AdWare.Win32.NewDotNet   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\4E2C649C-D701-4888-8020-9F00A2   Infected: not-a-virus:AdWare.Win32.NewDotNet.e   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\59EAAE33-B0A7-4599-87B0-0E08F8   Infected: not-a-virus:AdWare.Win32.NewDotNet   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\5227A05A-C262-4BC6-8753-7604B9\8A585877-6690-45CC-B213-C821F2   Infected: not-a-virus:AdWare.Win32.180Solutions.s   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\16AA3B86-187E-4E79-BBBC-DD0689   Infected: not-a-virus:AdTool.Win32.WhenU.b   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\A2686E1C-B273-4099-8FED-E4C7C5   Infected: not-a-virus:AdTool.Win32.WhenU.g   skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\ED3A814A-DAF7-4BE0-AA2F-EBB2BD   Infected: not-a-virus:AdTool.Win32.WhenU.d   skipped
C:\Program Files\mIRC\mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.616   skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll   Infected: not-a-virus:AdTool.Win32.MyWebSearch.i   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\MediaGateway.exe   Infected: not-a-virus:AdWare.Win32.WinAD.bt   skipped
C:\WINDOWS\NDNuninstall6_98.exe   Infected: not-a-virus:AdWare.Win32.NewDotNet.e   skipped
D:\RO2\Gravity\RO\WPE PRO.exe   Infected: Sniffer.Win32.WpePro.a   skipped
D:\RO2\Gravity\RO\WpeSpy.dll   Infected: Sniffer.Win32.WpePro.a   skipped
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped

Scan process completed.
« Last Edit: December 07, 2006, 03:52:20 AM by Zaigar »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #21 on: December 07, 2006, 03:33:30 PM »
Can you do one more scan for me please

Download>>Install AVG Anti-Spyware 7.5 from Ewido networks
  • Load AVG-antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
Close it out, we will need it later

Print the rest of these instructions or save them to a text file on desktop

Reboot your computer in SAFE MODE, sign in with your normal user account

Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Load AVG-Antispyware
  • Click the "Settings" tab, Under "How to Act", click on "recommended action" and change to Quarantine and ensure that  Automatically generate report after every scan is selected
  • Click back to the "Scan" tab and then click on Complete System Scan.
  • Let this scan complete, let it run uninterrupted
  • AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.

  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
Reboot the computer back to Normal windows
Delete fix.reg and redownload it from above and try merging it again, do you still get the error message?
Make sure you unzip it first

Come back here and post the report from AVG antispyware

Can you also do the following
Open your version of AVG AntiVirus software
Click on Information>>About AVG Free
Let me know Program Version No. please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Zaigar

« Reply #22 on: December 07, 2006, 10:19:50 PM »
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   7:02:10 PM 12/7/2006

 + Scan result:   



C:\Program Files\Microsoft AntiSpyware\Quarantine\5227A05A-C262-4BC6-8753-7604B9\8A585877-6690-45CC-B213-C821F2 -> Adware.180Solutions : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
C:\Program Files\HijackThis\backups\backup-20061204-011535-640.dll -> Adware.Agent : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713AB7228F1-98F2-4D9A-85C0-6E9284 -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\45ADC0BF-4F3F-4398-9EFE-8AA3D4 -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\CD73EA9C-76C0-4524-81E3-7A8FBA -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA3096233-388E-4FDE-AA34-843AFE -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\4E2C649C-D701-4888-8020-9F00A2 -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\59EAAE33-B0A7-4599-87B0-0E08F8 -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\16AA3B86-187E-4E79-BBBC-DD0689 -> Adware.SaveNow : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\A2686E1C-B273-4099-8FED-E4C7C5 -> Adware.SaveNow : No action taken.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\ED3A814A-DAF7-4BE0-AA2F-EBB2BD -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\Games\Home\My Documents\Worms2-dm.exe -> Adware.Trymedia : No action taken.
C:\Program Files\MediaGateway\Updater.exe -> Adware.WinAD : No action taken.
C:\WINDOWS\MediaGateway.exe -> Adware.WinAD : No action taken.
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
D:\RO2\Gravity\RO\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.
D:\RO2\Gravity\RO\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : No action taken.


::Report end

Oh and the version that I'm using for AntiVirus is 7.1.394. I can't seem to install any updates for AVG Anti Virus.

Offline guestolo

« Reply #23 on: December 07, 2006, 10:36:38 PM »
Unfortunately, as you can see by the log from Antispyware
You didn't set to Quarantine

EG>>>C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : No action taken.

Can you do the following
Ensure that you
PRINT these instructions or Save them to a Text file so you can follow along

Remain in Normal mode
Close down all unnecessary programs running in the background
This includes this Browser window

Find and delete this folder
C:\Program Files\MediaGateway <-folder

Load AVG-Antispyware

Follow these instructions CLOSELY
    * Click the "Scanner" tab
    * Click the "Settings" tab, Under "How to Act", click on "recommended action" and change to Quarantine and ensure that "Automatically generate report after every scan" is selected
    * Click back to the "Scan" tab and then click on Complete System Scan.
    * Let this scan complete, let it run uninterrupted
    * AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
    * Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot the computer

Back in Windows
Go to the following link
http://free.grisoft.com/doc/5390/lng/us/tp...anti-virus-free

Download and Install it
The installer to the latest version of AVG free is under
"AVG Free for Windows installation files"
Follow the instruction on that page to install the latest version

After you have successfully installed the latest version, ensure it is updated and run a Full system scan with AVG AntiVirus
Let it clean whatever it finds
Reboot the computer afterwards

Come back here and post one last hijackthis log and the new report from AVG AntiSpyware you saved earlier



Offline Zaigar

« Reply #24 on: December 08, 2006, 05:15:15 PM »
Oh I forgot to click Apply All Settings. I will do another Full System Scan, reboot, and post a fresh HiJackThis log, and the AVG Anti-Spyware log.

Logfile of HijackThis v1.99.1
Scan saved at 2:10:27 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\program files\sierra\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Combined Community Codec Pack] "C:\Documents and Settings\Zaigar's Realm\Local Settings\Temp\[AHQ] Fullmetal Alchemist - The Conqueror Of Shamballa H.264 [Subbed] MKV\Combined-Community-Codec-Pack-2006-01-18.exe" /INSTTYPE=ALL /SMDIR="Combined Community Codec Pack" /D=C:\Program Files\Combined Community Codec Pack
O4 - HKCU\..\Run: [Steam] "d:\program files\sierra\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d5f25dc3490e4a5baf3d1678bd01adb7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d5f25dc3490e4a5baf3d1678bd01adb7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:    2:05:09 PM 12/8/2006

 + Scan result:    



C:\Program Files\Microsoft AntiSpyware\Quarantine\5227A05A-C262-4BC6-8753-7604B9\8A585877-6690-45CC-B213-C821F2 -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20061204-011535-640.dll -> Adware.Agent : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713AB7228F1-98F2-4D9A-85C0-6E9284 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\45ADC0BF-4F3F-4398-9EFE-8AA3D4 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine173BFEB-1484-47F4-860E-6D713A\CD73EA9C-76C0-4524-81E3-7A8FBA -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA3096233-388E-4FDE-AA34-843AFE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\4E2C649C-D701-4888-8020-9F00A2 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\37221995-865A-4D05-BCCF-DC0DBA\59EAAE33-B0A7-4599-87B0-0E08F8 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\16AA3B86-187E-4E79-BBBC-DD0689 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\A2686E1C-B273-4099-8FED-E4C7C5 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FD35B9A-01E4-46D2-A2D5-1708FB\ED3A814A-DAF7-4BE0-AA2F-EBB2BD -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\Games\Home\My Documents\Worms2-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\WINDOWS\MediaGateway.exe -> Adware.WinAD : Cleaned with backup (quarantined).
HKU\S-1-5-21-602162358-1275210071-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\My Received Files\WPEXP.rar/WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Zaigar's Realm\My Documents\Smother\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
D:\RO2\Gravity\RO\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
D:\RO2\Gravity\RO\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.15:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Zaigar's Realm\Cookies\zaigar's realm@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.32:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.30:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.31:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.17:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Zaigar's Realm\Application Data\Mozilla\Firefox\Profiles\2ahwwr7v.Zaigar\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #25 on: December 08, 2006, 10:57:13 PM »
Have you disabled Microsoft Antispyware from running on startup?
Or was it disabled after you got the infection?

I don't see the Email scanner running after you installed AVG
Can you go to START>>RUN>>type in services.msc
Hit OK
On the right hand side, look for this service name
AVG E-mail Scanner
If found, double click on it and click the START button if allowed
Apply and exit out of there

Does fix.reg import now?
You did unzip it didn't you?
Can you right click on fix.reg and select EDIT
copy>>paste back here the contents please

Also post a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Zaigar

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
« Reply #26 on: December 10, 2006, 09:07:18 PM »
I cannot seem to find AVG E-mail Scanner in the list. I have double checked but I couldn't find it.

And by the way, was it fix.reg or remove.reg? I'm sorta confused.
« Last Edit: December 10, 2006, 09:08:03 PM by Zaigar »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #27 on: December 11, 2006, 12:59:24 AM »
Quote
And by the way, was it fix.reg or remove.reg? I'm sorta confused.

Post back the contents of both
Also, are you signed in as an Administrator on this computer?
If not, are there other users on this computer?

Avg email scanner, I've posted to a couple other users about this
Let's see what they come up with



Offline Zaigar

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
« Reply #28 on: December 11, 2006, 02:57:14 AM »
Administrator is available during safe mode only. It doesn't show when the computer is booted normally.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #29 on: December 11, 2006, 09:40:35 AM »
I realize that, but does your account have Admin privileges?
Go to START>>Control Panel
Open User Accounts, Select your account

Are you the only user on the computer?

Also, I asked you this earlier
Have you disabled Microsoft Antispyware from running on startup?
Or was it disabled after you got the infection?
« Last Edit: December 11, 2006, 09:41:15 AM by guestolo »



Offline Zaigar

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
« Reply #30 on: December 11, 2006, 10:57:39 AM »
Yes my account has Admin privileges.

I am the only user on the computer.

I do not remember disabling AntiSpyware from running on startup. I'm not sure what happened there, but it seems to be working fine.
On services.msc the startup type says Automatic.
« Last Edit: December 11, 2006, 11:00:55 AM by Zaigar »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #31 on: December 11, 2006, 07:51:15 PM »
You must start posting back all the info I ask for
Quote
And by the way, was it fix.reg or remove.reg? I'm sorta confused.

Can you post the contents of both please



Offline Zaigar

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
« Reply #32 on: December 12, 2006, 12:30:40 AM »
I am not able to open these files though.
« Last Edit: December 12, 2006, 12:30:56 AM by Zaigar »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #33 on: December 12, 2006, 12:35:28 AM »
Can you right click on fix.reg and select EDIT
copy>>paste back here the contents please



Offline Zaigar

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
« Reply #34 on: December 12, 2006, 02:00:49 AM »
Contents of fix.reg:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]