Full Version: hijack this log analysis
mya91728


AntiVir PersonalEdition Classic
Report file date: Saturday, September 08, 2007 14:34

Scanning for 1053868 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Owner
Computer name: MOMDADMYA

Version information:
BUILD.DAT : 268 15604 Bytes 8/31/2007 13:04:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 21:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 20:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 23:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 20:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 5/31/2006 20:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 7/10/2007 20:32:46
ANTIVIR2.VDF : 6.39.1.74 1637376 Bytes 9/2/2007 21:16:21
ANTIVIR3.VDF : 6.39.1.106 168960 Bytes 9/8/2007 21:16:21
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 8/30/2007 01:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 18:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 15:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 21:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 16:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 15:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 20:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 15:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 19:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 20:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 20:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 17:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, September 08, 2007 14:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'bigfix.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FirewallGUI.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'napster.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'shwiconEM.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '41' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80015AFF-0000-0000-C1B6-79103E7FDD4D}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Is the Trojan horse TR/Zlob.65536.1
[INFO] The file was moved to '473715cb.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80016592-0001-0000-39B6-AC150156EF43}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.12288.8
--> RESOURCE2
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.12288.8
--> RESOURCE3
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.12288.8
[INFO] The file was moved to '473715cc.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80016592-0001-0000-F427-EA1DACD2E193}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.12288.8
[INFO] The file was moved to '4694972d.qua'!
Begin scan in 'D:\'
Begin scan in 'E:\' <PHOTOS>


End of the scan: Saturday, September 08, 2007 15:15
Used time: 41:16 min

The scan has been done completely.

4981 Scanning directories
263102 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
263097 Files not concerned
7858 Archives were scanned
2 Warnings
20 Notes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/08/2007 at 04:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3302
Trace Rules Database Version: 1308

Scan type : Complete Scan
Total Scan Time : 00:35:58

Memory items scanned : 538
Memory threats detected : 0
Registry items scanned : 5596
Registry threats detected : 3
File items scanned : 32440
File threats detected : 167

Adware.Tracking Cookie

Trojan.WinAntiSpyware 2007
HKLM\Software\WinAntiSpyware 2007
HKLM\Software\WinAntiSpyware 2007#EulUWAS7_0001_N91M2703
HKLM\Software\WinAntiSpyware 2007#ProductCode
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP410\A0043047.EXE


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:33:16 PM 9/8/2007

+ Scan result:



C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.


::Report end



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:38 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\windows\system32\svchost.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\bigfix.exe
C:\windows\system32\javaw.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "c:\documents and settings\owner\application data\winantiviruspro2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9011 bytes


mya91728
Anyone help?




QUOTE(mya91728 @ Sep 9 2007, 12:48 AM) *
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '41' files ).
Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80015AFF-0000-0000-C1B6-79103E7FDD4D}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Is the Trojan horse TR/Zlob.65536.1
[INFO] The file was moved to '473715cb.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80016592-0001-0000-39B6-AC150156EF43}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.12288.8
--> RESOURCE2
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.12288.8
--> RESOURCE3
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.12288.8
[INFO] The file was moved to '473715cc.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80016592-0001-0000-F427-EA1DACD2E193}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.12288.8
[INFO] The file was moved to '4694972d.qua'!
Begin scan in 'D:\'
Begin scan in 'E:\' <PHOTOS>
End of the scan: Saturday, September 08, 2007 15:15
Used time: 41:16 min

The scan has been done completely.

4981 Scanning directories
263102 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
263097 Files not concerned
7858 Archives were scanned
2 Warnings
20 Notes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/08/2007 at 04:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3302
Trace Rules Database Version: 1308

Scan type : Complete Scan
Total Scan Time : 00:35:58

Memory items scanned : 538
Memory threats detected : 0
Registry items scanned : 5596
Registry threats detected : 3
File items scanned : 32440
File threats detected : 167

Adware.Tracking Cookie

Trojan.WinAntiSpyware 2007
HKLM\Software\WinAntiSpyware 2007
HKLM\Software\WinAntiSpyware 2007#EulUWAS7_0001_N91M2703
HKLM\Software\WinAntiSpyware 2007#ProductCode
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP410\A0043047.EXE

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:33:16 PM 9/8/2007

+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:38 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\windows\system32\svchost.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\bigfix.exe
C:\windows\system32\javaw.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "c:\documents and settings\owner\application data\winantiviruspro2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9011 bytes

AndyManchesta

Hi Mya,

Run HijackThis and choose Do A System Scan, then place a check next to these entries:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "c:\documents and settings\owner\application data\winantiviruspro2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag

Close all open browser and other windows except for HijackThis and press the Fix Checked button

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

Finally generate a report of the Add/Remove screen entries:
Open HijackThis, and click the Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.


Please then post back the Combofix log, Uninstall list and a new HijackThis log by using the button

Cheers

Andy