View Full Version : Adware issue...



Neon Knight
2006-11-16, 19:06
I have a nasty adware issue. Popups relentlessly annoy me during my surfing =[

I haven't downloaded anything other than music.

Anyway, I have scanned using fully updated Adaware personal, spybot S&D, and Sophos antivirus, and all they can find is Tracking Cookies. And after I remove them, if I do another scan, they reappear.

I have NO suspicious processes running under my username.

I will post a hijackthis log in a few minutes.

Any help will be greatly appreciated.

Neon Knight
2006-11-16, 19:09
Logfile of HijackThis v1.99.1
Scan saved at 18:08:41, on 11/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\David\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

shelf life
2006-11-20, 01:36
hi Neon Knight,

let's scan and get a log from avg antispyware:

Download the trial version of AVG Anti-Spyware 7.5 (formerly ewido anti-spyware 4.0) from here:
http://www.ewido.net/en/download/

* Install AVG Anti-Spyware
* The program will now go to the main screen.

You will need to update AVG Anti-Spyware to the latest definition files.

* On the left-hand side of the main screen click the Update Button.
* Click on Start.

The update will start and a progress bar will show the updates being installed.
After the updates are installed,

* Click on Scanner
* Click on Complete System Scan to start the scan process.
* Let the program scan the machine, it may take some time.
* AVG Anti-Spyware will list any infections found on the left hand side.
* When the scan has finished, it will automatically set the recommended action. Click "Apply all actions". AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
* Click OK.


When the scan finishes click on "Save Report", then "Save Report As". This will create a text file.
Save the report to your Desktop.
Close AVG Anti-Spyware.
-----------------------------------------
please post the saved avg report in next reply.

shelf life

Neon Knight
2006-11-20, 20:06
Okay, all done.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:53:59 11/20/2006

+ Scan result:



C:\Program Files\Adware Deluxe\AdwareDeluxe.exe -> Adware.PestBot : Ignored.
C:\!submits\ICROSO~1.NET\аti2evxx.exe -> Adware.PurityScan : Ignored.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Ignored.
C:\Documents and Settings\David\My Documents\_\n00zn00zn00zn00z.rar/Setup.exe -> Backdoor.IRCBot.dd : Ignored.
C:\t.rar/Setup.exe -> Backdoor.IRCBot.dd : Ignored.
C:\Program Files\Common Files\ookf\ookfd\vocabulary -> Downloader.TSUpdate.j : Ignored.
C:\Program Files\Internet Explorer\kyzewepe.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\WindowsUpdate\howy.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Ignored.
C:\Documents and Settings\David\Desktop\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Ignored.
C:\WINDOWS\system32\rpcc.exe -> Proxy.Dlena.d : Ignored.
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1x6qpque.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.27:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.28:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.29:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.17:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.52:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.55:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.56:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.57:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.16:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored.
:mozilla.53:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.54:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.66:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Revenue : Ignored.
:mozilla.25:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.6:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.7:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.8:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.58:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.59:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.60:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Zedo : Ignored.


::Report end

shelf life
2006-11-21, 02:44
hi Neon Knight,

thanks for the info.
please do online scan, then rescan with avg antispyware, save the log and post the log from avg and the online panda scan:


http://www.pandasoftware.com/products/activescan.htm

* click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country if not already posted
* Enter your State or Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If prompted to install an ActiveX component-- allow it
* It will start downloading files it needs for the scan
* When download is complete, click on My Computer icon to start scan
* When the scan completes, if anything malicious is found, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Neon Knight
2006-11-21, 18:35
Okay, all done.


Incident Status Location

Virus:trj/winopts.a Disinfected Operating system
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Adware:adware/whenusearch Not disinfected Windows Registry
Adware:Adware/PurityScan Not disinfected C:\!submits\ICROSO~1.NET\?ti2evxx.exe
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.advertising.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.888.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt[.questionmarket.com/]
Hacktool:Hacktool/MSNPass.F Not disinfected C:\Documents and Settings\David\Desktop\mspass.exe
Possible Virus. Not disinfected C:\Documents and Settings\David\Desktop\ren-cmdservice\ren-cmdservice\swreg.exe
Possible Virus. Not disinfected C:\Documents and Settings\David\Desktop\ren-cmdservice.zip[ren-cmdservice/swreg.exe]
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\4JQRY78X\popup[1].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\MN218LEL\popup[3].htm
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\V7ROXTUE\popup[1].htm
Virus:W32/Sdbot.HLL.worm Disinfected C:\Documents and Settings\David\My Documents\_\n00zn00zn00zn00z.rar[Setup.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\David\My Documents\~~~~ guitar pro 5 crack.zip[YSB_toolBar.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1x6qpque.default\cookies.txt[.2o7.net/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\LocalService\Cookies\system@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\LocalService\Cookies\system@888[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\LocalService\Cookies\system@cassava[1].txt
Potentially unwanted tool:Application/Adwareremover Not disinfected C:\Program Files\Adware Deluxe\AdwareDeluxe.exe
Hacktool:HackTool/Cain.B Not disinfected C:\Program Files\Cain\Abel.dll
Adware:Adware/SaveNow Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe
Possible Virus. Not disinfected C:\ren-cmdservice.zip[ren-cmdservice/swreg.exe]
Potentially unwanted tool:Application/Adwareremover Not disinfected C:\Setupadware remover.exe[fk.dll]
Potentially unwanted tool:Application/Adwareremover Not disinfected C:\Setupadware remover.exe[spydb.exe]
Potentially unwanted tool:Application/Adwareremover Not disinfected C:\Setupadware remover.exe[spydb.exe][helper.dll]
Potentially unwanted tool:Application/Adwareremover Not disinfected C:\Setupadware remover.exe[AdwareDeluxe.exe]
Virus:W32/Sdbot.HLL.worm Disinfected C:\t.rar[Setup.exe]
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\chk.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\RGF2aWQ\l3IZuqk.vbs
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\slx.exe

shelf life
2006-11-21, 23:36
hi Neon Knight,

thanks for the info, i was hoping the panda scan would help clean it up. looks like you have some cracked software/keygens in there.

first to show all files do this:

For XP: on the desktop double click my computer, go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files", also UNcheck "hide extensions for known file types", click apply to all folders, apply then ok

next look in add/remove programs file and uninstall if present:
Adwareremover
SaveNow
whenusearch
SystemDoctor
if not there, don't worry about it.
-----------------------------------------------------
locate each of these files and delete them:

guitar pro 5 crack.zip>>C:\Documents and Settings\David\My Documents\
n00zn00zn00zn00z.rar[Setup.exe]>>C:\Documents and Settings\David\My Documents
Setupadware remover.exe>>C:\Setupadware remover.exe

look here: C:\WINDOWS and see if you can find and delete each of these files:
chk.exe
RGF2aWQ\l3IZuqk.vbs
slx.exe
--------------------------------------------------------------
last do this:
Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin
----------------------------------------------------------------
rerun avg antispyware, save and post the log from it

did you install these two on your computer?
messenPass
cain and abel

Neon Knight
2006-11-21, 23:51
Adwareremover
SaveNow
whenusearch
SystemDoctor

None were present.

guitar pro 5 crack.zip > Deleted.
n00zn00zn00zn00z.rar > Deleted
Setupadware remover.exe > Deleted

C:\WINDOWS:
chk.exe > deleted
RGF2aWQ\l3IZuqk.vbs > could not locate, even after search.
slx.exe > could not locate, even after search.


Empty your Temp folders. > Done.

rerun avg antispyware, save and post the log from it. Currently scanning, will post in a few minutes.

did you install these two on your computer?

MessenPass - I downloaded and installed this program to recover my MSN password which I had forgotten.

Cain and abel - I downloaded and installed this program to recover various other internet passwords I may have forgotten.

I noticed a lot of files I couldn't locate to delete....is this a big problem?

Neon Knight
2006-11-22, 00:04
Sorry about the double-post, but I will post the results of the AVG antispyware tomorrow as I need to sleep. :red:

I'll leave it running overnight. :bigthumb:

Neon Knight
2006-11-22, 17:52
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:37:45 11/22/2006

+ Scan result:



C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP3\A0001662.exe -> Adware.PestBot : Ignored.
C:\!submits\ICROSO~1.NET\аti2evxx.exe -> Adware.PurityScan : Ignored.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Ignored.
C:\Program Files\Common Files\ookf\ookfd\vocabulary -> Downloader.TSUpdate.j : Ignored.
C:\Program Files\Internet Explorer\kyzewepe.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\WindowsUpdate\howy.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Ignored.
C:\Documents and Settings\David\Desktop\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP2\A0001534.exe -> Proxy.Dlena.d : Ignored.
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1x6qpque.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.48:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.49:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.65:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.68:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.69:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.70:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.21:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.74:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.20:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.81:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Euroclick : Ignored.
:mozilla.82:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Euroclick : Ignored.
:mozilla.83:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Euroclick : Ignored.
:mozilla.84:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Euroclick : Ignored.
:mozilla.101:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.102:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.103:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
:mozilla.59:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.60:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.61:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.27:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored.
:mozilla.107:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Overture : Ignored.
:mozilla.79:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.80:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.71:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Revenue : Ignored.
:mozilla.22:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.23:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.24:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.25:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.26:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.95:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.66:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Sitestat : Ignored.
:mozilla.67:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Sitestat : Ignored.
:mozilla.35:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.36:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.6:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.7:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.8:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.100:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.96:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.97:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.98:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.99:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Zedo : Ignored.


::Report end
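
Added example, not part of the original thread or of any tool mentioned in it: a Python script that parses AVG Anti-Spyware report lines in the format posted above, separates tracking-cookie hits from file detections, and tags each file by where it sits (System Restore copy, Recycle Bin, archive member, non-ASCII character in the path). The tag names, function names and `SAMPLE_REPORT` are assumptions made for this example; the sample lines themselves are taken from the reports in this thread.

```python
import re
from collections import Counter

# Constructed sample: report lines copied from the AVG reports in this thread.
# "\u0430" is CYRILLIC SMALL LETTER A; the Panda report in the thread prints
# the same file name as "?ti2evxx.exe".
SAMPLE_REPORT = "\n".join([
    "+ Scan result:",
    "",
    r"C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP2\A0001534.exe -> Proxy.Dlena.d : Ignored.",
    "C:\\!submits\\ICROSO~1.NET\\\u0430ti2evxx.exe -> Adware.PurityScan : Ignored.",
    r"C:\RECYCLER\S-1-5-21-2052111302-1547161642-725345543-1005\Dc2\howy.html -> Hijacker.Small.jf : Ignored.",
    r"C:\t.rar/Setup.exe -> Backdoor.IRCBot.dd : Ignored.",
    r"C:\Program Files\Internet Explorer\kyzewepe.html -> Hijacker.Small.jf : Ignored.",
    r":mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1x6qpque.default\cookies.txt -> TrackingCookie.2o7 : Ignored.",
    r":mozilla.20:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.",
    "::Report end",
])

# "<path> -> <detection name> : <action>." with an optional ":mozilla.N:"
# prefix that the report puts in front of cookie-store entries.
LINE_RE = re.compile(
    r"^(?::(?P<store>[\w.]+):)?"
    r"(?P<path>.+?) -> "
    r"(?P<name>\S+) : "
    r"(?P<action>[^.]+)\.?\s*$"
)

# Location tags (names are this example's own, not AVG terminology).
LOCATION_RULES = (
    ("system_restore", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("recycle_bin", re.compile(r"\\RECYCLER\\", re.I)),
    ("archive_member", re.compile(r"\.(?:rar|zip)/", re.I)),
)


def parse_report(text):
    """Return one dict per detection line; headers and footers are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # "+ Scan result:", blank lines, "::Report end", rules
        path, name = m["path"], m["name"]
        tags = [tag for tag, rx in LOCATION_RULES if rx.search(path)]
        # A non-ASCII character in an otherwise ASCII path is worth a second
        # look: it can make a file name resemble a legitimate one.
        if any(ord(ch) > 127 for ch in path):
            tags.append("non_ascii_name")
        findings.append({
            "path": path,
            "name": name,
            "action": m["action"].strip(),
            "cookie": name.startswith("TrackingCookie."),
            "tags": tags,
        })
    return findings


def triage(findings):
    """Split cookie noise from file detections and count recorded actions."""
    files = [f for f in findings if not f["cookie"]]
    return {
        "cookies": len(findings) - len(files),
        "actions": Counter(f["action"] for f in findings),
        "files": files,
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(f"tracking cookies: {result['cookies']}")
    print(f"recorded actions: {dict(result['actions'])}")
    for f in result["files"]:
        tags = ",".join(f["tags"]) or "live_path"
        print(f"{f['name']:<28} [{tags}] {f['path']}")
```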

shelf life
2006-11-22, 20:34
hi Neon Knight,

thanks for the info. look in your add/remove programs panel for:
OIN and uninstall if present.

and this one:
DAEMON Tools and uninstall if present

if you don't see OIN in the list click this link and download the uninstaller:
http://www.purityscan.com/uninstall.html
---------------------------------------------------------
next see if you can find and delete:

WindowsUpdate located here>>C:\Program Files
DAEMON Tools >>C:\Program Files
ookf>>C:\Program Files\Common Files
WindowsUpdate>>C:\Program Files

shelf life

Neon Knight
2006-11-22, 21:42
All done....downloaded uninstaller (couldn't find in add/remove), removed all files mentioned...

Is that it? Should I post another AVG antispyware report?

shelf life
2006-11-23, 15:51
hi Neon Knight,

yes, rescan with avg and post a new log to see if anything is left. your popup problem, better now?

shelf life

Neon Knight
2006-11-23, 19:31
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:28:25 11/23/2006

+ Scan result:



C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP3\A0001662.exe -> Adware.PestBot : Ignored.
C:\!submits\ICROSO~1.NET\аti2evxx.exe -> Adware.PurityScan : Ignored.
C:\RECYCLER\S-1-5-21-2052111302-1547161642-725345543-1005\Dc3\SetupDTSB.exe -> Adware.SaveNow : Ignored.
C:\RECYCLER\S-1-5-21-2052111302-1547161642-725345543-1005\Dc4\ookfd\vocabulary -> Downloader.TSUpdate.j : Ignored.
C:\Program Files\Internet Explorer\kyzewepe.html -> Hijacker.Small.jf : Ignored.
C:\RECYCLER\S-1-5-21-2052111302-1547161642-725345543-1005\Dc2\howy.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Ignored.
C:\Documents and Settings\David\Desktop\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP2\A0001534.exe -> Proxy.Dlena.d : Ignored.


::Report end



I'm sad to say that my adware problem has not gone....it's subsided a little, but after a while, it just came back.

Also, I should have mentioned this earlier, but I keep getting a random "windows installer is loading" message and when I click cancel it crashes..

I am going to assume that it's re-installing all of the malware that was previously destroyed...

Although this was happening before I tried to get rid of the problem...

shelf life
2006-11-23, 23:29
hi Neon Knight,

let's try running avg in safe mode. you can reach safe mode by tapping the f8 key during a computer restart. choose the first option on the list: safe mode. once in safe mode run avg antispyware.

also still in safe mode see if you can locate and delete these:
kyzewepe.html located>>C:\Program Files\Internet Explorer
!submits>>C:\
---------------------------------------------
please post the saved avg report, and also since it's been a while rescan and post a new hjt log so we can compare it to the older one.

shelf life

Neon Knight
2006-11-26, 22:49
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:46:47 11/26/2006

+ Scan result:



C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP3\A0001662.exe -> Adware.PestBot : Ignored.
C:\!submits\ICROSO~1.NET\аti2evxx.exe -> Adware.PurityScan : Ignored.
C:\RECYCLER\S-1-5-21-2052111302-1547161642-725345543-1005\Dc3\SetupDTSB.exe -> Adware.SaveNow : Ignored.
C:\RECYCLER\S-1-5-21-2052111302-1547161642-725345543-1005\Dc4\ookfd\vocabulary -> Downloader.TSUpdate.j : Ignored.
C:\Program Files\Internet Explorer\kyzewepe.html -> Hijacker.Small.jf : Ignored.
C:\RECYCLER\S-1-5-21-2052111302-1547161642-725345543-1005\Dc2\howy.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Ignored.
C:\Documents and Settings\David\Desktop\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP2\A0001534.exe -> Proxy.Dlena.d : Ignored.


::Report end

Neon Knight
2006-11-26, 22:55
Logfile of HijackThis v1.99.1
Scan saved at 21:53:43, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Veoh\VeohClientService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\David\Desktop\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (disabled by BHODemon)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (disabled by BHODemon)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (disabled by BHODemon)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\David\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Program Files\Veoh\VeohClientService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

shelf life
2006-11-27, 00:16
hi Neon Knight,

thanks for the logs. some of that stuff avg is flagging is in your system restore volume and your recycle bin. you can empty the recycle bin. we will make new restore points later.

see if you can locate these:
rpcc.exe>>located here>>C:\WINDOWS\system32
Setup.exe >>here>>C:\t.rar

try a search for this file:аti2evxx.exe located here:
C:\!submits\ICROSO~1.NET\

do another scan with avg and post the log please. you can edit out the cookies if you want.

shelf life

tashi
2006-12-06, 20:56
Still with us Neon Knight?

Neon Knight
2006-12-06, 21:05
Hi, yeah I'm still here.


AVG anti-spyware crashed when I tried to scan....Trying again right now...


heh.

Neon Knight
2006-12-08, 12:47
Okay, done scan:



+ Created at: 22:11:31 12/06/2006

+ Scan result:

C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP3\A0001662.exe -> Adware.PestBot : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP7\A0008464.exe -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP7\A0008471.exe -> Adware.SaveNow : Ignored.
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Ignored.
C:\Documents and Settings\David\Desktop\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP2\A0001534.exe -> Proxy.Dlena.d : Cleaned with backup (quarantined).
C:\Program Files\WinRAR\Default.SFX -> Trojan.Qhost.dx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP3\A0003744.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\RGF2aWQ\l3IZuqk.vbs -> Trojan.Small : Cleaned with backup (quarantined).
::Report end

I edited out the cookies.

A few nasty trojans appeared....I have no idea how they got there..

And I keep getting a window saying "windows installer is preparing to install" and it just stays there for ages until it eventually goes away. I found windows installer in add/remove programs and it looked very dodgy...it had strange numbers and letters in the name, I removed it, restarted, and it was back in the list again...

What happened, a few weeks ago, is that windows installer stopped working, so I went to the internet, and downloaded a version of it to replace the one on my computer. that's when it all started happening. And it's seriously slowing down my gaming, making it minimising it for windows installer, making it lag, crash, etc.

I think that was wrong. Lol.

shelf life
2006-12-09, 20:30
hi Neon Knight,

looks like what's left either has been quarantined or is in system restore points. anything in quarantine don't worry about, in fact you can delete the items if you want.
for the rest we can clean out the old restore points and make new ones like this:

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
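
The sorting done by eye in the replies above (restore-point and Recycle Bin copies versus files still live on disk, and what is already quarantined), as an added example that is not part of the original posts. The sample lines are copied from the AVG reports in this thread; the bucket and function names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the 11/26 report posted above (cookie entries trimmed to one).
REPORT_NOV26 = r"""
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP3\A0001662.exe -> Adware.PestBot : Ignored.
C:\RECYCLER\S-1-5-21-2052111302-1547161642-725345543-1005\Dc3\SetupDTSB.exe -> Adware.SaveNow : Ignored.
C:\Program Files\Internet Explorer\kyzewepe.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP2\A0001534.exe -> Proxy.Dlena.d : Ignored.
:mozilla.32:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\f5ng5q14.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
"""

# The 12/06 report as posted above (the poster had already edited out cookies).
REPORT_DEC06 = r"""
+ Created at: 22:11:31 12/06/2006
+ Scan result:
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP3\A0001662.exe -> Adware.PestBot : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP7\A0008464.exe -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP7\A0008471.exe -> Adware.SaveNow : Ignored.
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Ignored.
C:\Documents and Settings\David\Desktop\mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Ignored.
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP2\A0001534.exe -> Proxy.Dlena.d : Cleaned with backup (quarantined).
C:\Program Files\WinRAR\Default.SFX -> Trojan.Qhost.dx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FDBD7A27-D604-4B79-A6AD-B615C2C42D7C}\RP3\A0003744.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\RGF2aWQ\l3IZuqk.vbs -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
"""

# Report entries have the shape "<path> -> <detection name> : <status>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<status>.+?)\.?\s*$")


def parse_report(text):
    """Return one dict per detection line; headers and footers are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def bucket(entry):
    """Assign an entry to the follow-up it needs (bucket names are assumptions)."""
    path = entry["path"].lower()
    if "quarantined" in entry["status"].lower():
        return "quarantined"        # already handled by the scanner
    if path.startswith(":mozilla."):
        return "cookie"             # browser cookie, not a file on disk
    if "\\system volume information\\_restore" in path:
        return "restore_point"      # goes away when System Restore is cycled
    if "\\recycler\\" in path:
        return "recycle_bin"        # goes away when the Recycle Bin is emptied
    if entry["name"].startswith("Not-A-Virus."):
        return "riskware"           # AVG's own label; owner decides whether to keep
    return "live_unresolved"        # still on disk and not cleaned


def triage(text):
    """Group (path, detection) pairs by bucket."""
    grouped = defaultdict(list)
    for entry in parse_report(text):
        grouped[bucket(entry)].append((entry["path"], entry["name"]))
    return dict(grouped)


def no_longer_reported(old_text, new_text):
    """Entries in the older report that the newer one no longer lists.

    Cookies are skipped because the later report had them edited out.
    """
    new_keys = {(e["path"], e["name"]) for e in parse_report(new_text)}
    return [
        (e["path"], e["name"])
        for e in parse_report(old_text)
        if bucket(e) != "cookie" and (e["path"], e["name"]) not in new_keys
    ]


if __name__ == "__main__":
    for name, items in sorted(triage(REPORT_DEC06).items()):
        print(f"{name}: {len(items)}")
    for path, detection in no_longer_reported(REPORT_NOV26, REPORT_DEC06):
        print(f"gone since 11/26: {detection}  {path}")
```

On the 12/06 report nothing lands in `live_unresolved`: every remaining entry is a restore-point copy, a quarantined item, or one of the two Not-A-Virus tools.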

Neon Knight
2006-12-09, 21:03
I assume then I should post another AVG antispyware report?

shelf life
2006-12-09, 23:53
sure post another one.

shelf life

tashi
2006-12-18, 19:43
Neon Knight, still with us?

tashi
2006-12-22, 07:45
This topic has been closed due to lack of a response.