newbie needs help with virus

**ken979** · #1 23rd Dec 2007, 08:46 AM

hi every one my norton anti virus discovered a virus. for some reason it does not let me remove it. i looked in the virus vault and it wasnt there. every time i do a scan it, it apears again.

anti virus free editon is the one i am using.

it has happened 3 times already and i cant remove it using norton

i am newbie, what should i do?
this is what happening on the screen.

C:/windows/system32/shell32.dll

C:/document and settings/lam/local settings/ temporary internet files/ content.IES/ADC7ITI5/ comfort-hotel-reading.co{1}.htm

**ken979** · #2 24th Dec 2007, 08:32 AM

please can some one give me some advice.

the anti virus keeps poping up with a virus i can not remove. i wish i know what to do

**evilfantasy** · #3 26th Dec 2007, 04:55 PM

Please see this post and submit the logs to begin the removal process.

**ken979** · #4 28th Dec 2007, 11:24 AM

thank you i will have a look

thank you again

**ken979** · #5 28th Dec 2007, 05:47 PM

how do i create a malware removal log. this link
http://www.thecomputerforums.co.uk/f...-posting-7476/
doesnt work properly. i tried clicking on the three logs link. thank you

Malware Removal

Following these steps will create three logs to be included in your post, an Antispyware log, Online Scan log, and a HijackThis log.

Save each log after each scan somewhere you can easily find them. Without them we will not know where the malware is, or how to remove it.

**evilfantasy** · #6 28th Dec 2007, 05:50 PM

Which log are you having problems with?

**ken979** · #7 30th Dec 2007, 11:32 AM

Antispyware log, Scan log, and a HijackThis log.

do you mean keep a word document because i cant find the antisayware log program, scan log program and hijack this log program.

i am having problems with all of them.

**ken979** · #8 30th Dec 2007, 11:32 AM

when i click a link it doesnt go through

**evilfantasy** · #9 30th Dec 2007, 11:45 AM

See if you can get the HijackThis to work. Once it is done scanning it will automatically produce a log for you.

**ken979** · #10 30th Dec 2007, 01:14 PM

not sure where to post this. i hope it is here. thank you

-----------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:17, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O2 - BHO: TBSB08131 - {BEF0D9FA-0BC4-4CE3-812D-63642A7E2590} - C:\Program Files\IEToolbar\Power Search Tool\power_search_tool_3uk.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Power Search Tool - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\IEToolbar\Power Search Tool\power_search_tool_3uk.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier. exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7512 bytes

**ken979** · #11 30th Dec 2007, 01:16 PM

thank you it has worked but the other 2 hasnt. lets see waht happens

thank you again

**evilfantasy** · #12 30th Dec 2007, 01:20 PM

Go ahead and post the HijackThis log.

**evilfantasy** · #13 30th Dec 2007, 01:35 PM

Moved to the other thread.

After all of that I don't see anything really malicious in the log. We can fix this one entry though.

Open HijackThis and select Do a system scan only then place a check mark next to:

O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab

Close all windows except for HijackThis and click Fix checked

You need to do the step for updating Java in the Malware Removal thread.

Try to complete the SUPERAntiSpyware and ESET scans to see if they find anything.

**ken979** · #14 18th Jan 2008, 03:33 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/18/2008 at 11:25 PM
Application Version : 3.9.1008
Core Rules Database Version : 3382
Trace Rules Database Version: 1376
Scan type : Complete Scan
Total Scan Time : 00:42:09
Memory items scanned : 459
Memory threats detected : 0
Registry items scanned : 5359
Registry threats detected : 16
File items scanned : 38772
File threats detected : 236
Adware.Tracking Cookie
C:\Documents and Settings\Lam\Cookies\lam@freekeywords.wordtracker[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.freekeywords.wordtrac ker[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ht3[1].txt
C:\Documents and Settings\Lam\Cookies\lam@phpmv2[3].txt
C:\Documents and Settings\Lam\Cookies\lam@hypertracker[2].txt
C:\Documents and Settings\Lam\Cookies\lam@superhappysex[2].txt
C:\Documents and Settings\Lam\Cookies\lam@findarticles[1].txt
C:\Documents and Settings\Lam\Cookies\lam@a[1].txt
C:\Documents and Settings\Lam\Cookies\lam@secretsexposed.com[1].txt
C:\Documents and Settings\Lam\Cookies\lam@partner2profit[2].txt
C:\Documents and Settings\Lam\Cookies\lam@nextag.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@awstats.sourceforge[2].txt
C:\Documents and Settings\Lam\Cookies\lam@www.burstbeacon[2].txt
C:\Documents and Settings\Lam\Cookies\lam@www.wordtracker[1].txt
C:\Documents and Settings\Lam\Cookies\lam@stat.dealtime[2].txt
C:\Documents and Settings\Lam\Cookies\lam@www.dealtime[2].txt
C:\Documents and Settings\Lam\Cookies\lam@revsci[2].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.neowin[1].txt
C:\Documents and Settings\Lam\Cookies\lam@asiafriendfinder[2].txt
C:\Documents and Settings\Lam\Cookies\lam@sales.liveperson[2].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Lam\Cookies\lam@dcswn5rppvdn88xgvoaebyzjv _6k3l[1].txt
C:\Documents and Settings\Lam\Cookies\lam@dynamicsexlife[1].txt
C:\Documents and Settings\Lam\Cookies\lam@advert.seekwellness[1].txt
C:\Documents and Settings\Lam\Cookies\lam@web-stat[1].txt
C:\Documents and Settings\Lam\Cookies\lam@86455374[2].txt
C:\Documents and Settings\Lam\Cookies\lam@saletrack.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@sexuality.about[1].txt
C:\Documents and Settings\Lam\Cookies\lam@wordtracker[1].txt
C:\Documents and Settings\Lam\Cookies\lam@fs10.fusestats[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ad[1].txt
C:\Documents and Settings\Lam\Cookies\lam@dealtime[2].txt
C:\Documents and Settings\Lam\Cookies\lam@s[1].txt
C:\Documents and Settings\Lam\Cookies\lam@roiservice[1].txt
C:\Documents and Settings\Lam\Cookies\lam@content.clickbank[1].txt
C:\Documents and Settings\Lam\Cookies\lam@pbh.adbureau[2].txt
C:\Documents and Settings\Lam\Cookies\lam@nichemarketingoncrack[1].txt
C:\Documents and Settings\Lam\Cookies\lam@clickbank[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.expertsexchange[1].txt
C:\Documents and Settings\Lam\Cookies\lam@adopt.euroclick[1].txt
C:\Documents and Settings\Lam\Cookies\lam@perf.overture[1].txt
C:\Documents and Settings\Lam\Cookies\lam@55378520[2].txt
C:\Documents and Settings\Lam\Cookies\lam@atwola[1].txt
C:\Documents and Settings\Lam\Cookies\lam@overture[1].txt
C:\Documents and Settings\Lam\Cookies\lam@sexualvibe[1].txt
C:\Documents and Settings\Lam\Cookies\lam@indextools[1].txt
C:\Documents and Settings\Lam\Cookies\lam@valueclick[2].txt
C:\Documents and Settings\Lam\Cookies\lam@dealtime.co[2].txt
C:\Documents and Settings\Lam\Cookies\lam@findproductreview[2].txt
C:\Documents and Settings\Lam\Cookies\lam@indexstats[1].txt
C:\Documents and Settings\Lam\Cookies\lam@affiliate.wordtracker[2].txt
C:\Documents and Settings\Lam\Cookies\lam@www.clicknewz[2].txt
C:\Documents and Settings\Lam\Cookies\lam@tacoda[2].txt
C:\Documents and Settings\Lam\Cookies\lam@innertraditions[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.aol.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@stuff[2].txt
C:\Documents and Settings\Lam\Cookies\lam@cgi-bin[6].txt
C:\Documents and Settings\Lam\Cookies\lam@pr.valueclick[1].txt
C:\Documents and Settings\Lam\Cookies\lam@adrevolver[2].txt
C:\Documents and Settings\Lam\Cookies\lam@uk[2].txt
C:\Documents and Settings\Lam\Cookies\lam@www.intelli-tracker[1].txt
C:\Documents and Settings\Lam\Cookies\lam@43836137[2].txt
C:\Documents and Settings\Lam\Cookies\lam@webstats.wthosting.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@a.findarticles[2].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.associatedcontent[1].txt
C:\Documents and Settings\Lam\Cookies\lam@clicksor[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.isnare[1].txt
C:\Documents and Settings\Lam\Cookies\lam@xiti[1].txt
C:\Documents and Settings\Lam\Cookies\lam@cardellmedia.co[2].txt
C:\Documents and Settings\Lam\Cookies\lam@www.web-stat[1].txt
C:\Documents and Settings\Lam\Cookies\lam@sexrevolutionblog[1].txt
C:\Documents and Settings\Lam\Cookies\lam@clickshift[1].txt
C:\Documents and Settings\Lam\Cookies\lam@hc2.humanclick[2].txt
C:\Documents and Settings\Lam\Cookies\lam@trafficregenerator[1].txt
C:\Documents and Settings\Lam\Cookies\lam@richjerk.sitetracker[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.hardtofindseminars[1].txt
C:\Documents and Settings\Lam\Cookies\lam@findyourwhy[2].txt
C:\Documents and Settings\Lam\Cookies\lam@bizrate[2].txt
C:\Documents and Settings\Lam\Cookies\lam@www.nichemarketingoncrack[2].txt
C:\Documents and Settings\Lam\Cookies\lam@cgi-bin[3].txt
C:\Documents and Settings\Lam\Cookies\lam@server.lon.liveperson[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.exactseek[1].txt
C:\Documents and Settings\Lam\Cookies\lam@sexualhealthsecrets[1].txt
C:\Documents and Settings\Lam\Cookies\lam@superstats[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.free-counter.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@dealclick.co[2].txt
C:\Documents and Settings\Lam\Cookies\lam@hardtofindseminars[1].txt
C:\Documents and Settings\Lam\Cookies\lam@seoelite[1].txt
C:\Documents and Settings\Lam\Cookies\lam@cgi-bin[7].txt
C:\Documents and Settings\Lam\Cookies\lam@www.innertraditions[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.realcounters[1].txt
C:\Documents and Settings\Lam\Cookies\lam@liveperson[1].txt
C:\Documents and Settings\Lam\Cookies\lam@nextag[1].txt
C:\Documents and Settings\Lam\Cookies\lam@adtrackz[1].txt
C:\Documents and Settings\Lam\Cookies\lam@anad.tacoda[1].txt
C:\Documents and Settings\Lam\Cookies\lam@media.sensis.com[1].txt
C:\Documents and Settings\Lam\Cookies\lam@epurplemedia.co[2].txt
C:\Documents and Settings\Lam\Cookies\lam@anat.tacoda[2].txt
C:\Documents and Settings\Lam\Cookies\lam@t4.trackalyzer[1].txt
C:\Documents and Settings\Lam\Cookies\lam@cgi-bin[1].txt
C:\Documents and Settings\Lam\Cookies\lam@uk[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.traffictravis[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.engineseeker[2].txt
C:\Documents and Settings\Lam\Cookies\lam@m1.webstats.motigo[2].txt
C:\Documents and Settings\Lam\Cookies\lam@ad1.emediate[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.cardellmedia.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@sexintheuk[2].txt
C:\Documents and Settings\Lam\Cookies\lam@panasonic[1].txt
C:\Documents and Settings\Lam\Cookies\lam@tripod[2].txt
C:\Documents and Settings\Lam\Cookies\lam@mediacollege[2].txt
C:\Documents and Settings\Lam\Cookies\lam@haynet.adbureau[2].txt
C:\Documents and Settings\Lam\Cookies\lam@1064757792[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.helponclick[1].txt
C:\Documents and Settings\Lam\Cookies\lam@eas.apm.emediate[2].txt
C:\Documents and Settings\Lam\Cookies\lam@bizrate.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@1067607433[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.cnn[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.telegraph.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@roysitetracker.sitetracke r[2].txt
C:\Documents and Settings\Lam\Cookies\lam@h.starware[2].txt
C:\Documents and Settings\Lam\Cookies\lam@keywordmax[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.femalefirst.co[2].txt
C:\Documents and Settings\Lam\Cookies\lam@fcoweb[1].txt
C:\Documents and Settings\Lam\Cookies\lam@expertsexchange[1].txt
C:\Documents and Settings\Lam\Cookies\lam@cgi-bin[5].txt
C:\Documents and Settings\Lam\Cookies\lam@linkto.mediafire[1].txt
C:\Documents and Settings\Lam\Cookies\lam@helponclick[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.clickmanage[2].txt
C:\Documents and Settings\Lam\Cookies\lam@adultadworld[1].txt
C:\Documents and Settings\Lam\Cookies\lam@bbs.adultwebmasterinfo[2].txt
C:\Documents and Settings\Lam\Cookies\lam@eyewonder[1].txt
C:\Documents and Settings\Lam\Cookies\lam@1060874409[2].txt
C:\Documents and Settings\Lam\Cookies\lam@ad1.clickhype[1].txt
C:\Documents and Settings\Lam\Cookies\lam@track.adform[2].txt
C:\Documents and Settings\Lam\Cookies\lam@mediafire[1].txt
C:\Documents and Settings\Lam\Cookies\lam@keywordelite[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ad1.soundpedia[1].txt
C:\Documents and Settings\Lam\Cookies\lam@clickandcopyright[1].txt
C:\Documents and Settings\Lam\Cookies\lam@tracking.summitmedia.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@windowsmedia[1].txt
C:\Documents and Settings\Lam\Cookies\lam@1071657999[1].txt
C:\Documents and Settings\Lam\Cookies\lam@masteryoursexlife[2].txt
C:\Documents and Settings\Lam\Cookies\lam@1071876497[1].txt
C:\Documents and Settings\Lam\Cookies\lam@adserver.easyad[1].txt
C:\Documents and Settings\Lam\Cookies\lam@apornforum[2].txt
C:\Documents and Settings\Lam\Cookies\lam@www.liveperson[1].txt
C:\Documents and Settings\Lam\Cookies\lam@therapistfinder[1].txt
C:\Documents and Settings\Lam\Cookies\lam@adverts.digitalspy.co[1].txt
C:\Documents and Settings\Lam\Cookies\lam@reference[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ads.videomaker[2].txt
C:\Documents and Settings\Lam\Cookies\lam@1071210784[1].txt
C:\Documents and Settings\Lam\Cookies\lam@www.lovematch-adult[1].txt
C:\Documents and Settings\Lam\Cookies\lam@ukvisas[1].txt
C:\Documents and Settings\Lam\Cookies\lam@webpower[1].txt
C:\Documents and Settings\Lam\Cookies\lam@web4.realtracker[1].txt
C:\Documents and Settings\Lam\Cookies\lam@2o7[1].txt
C:\Documents and Settings\Lam\Cookies\lam@femalefirst.co[2].txt
C:\Documents and Settings\Lam\Cookies\lam@sexualkey[2].txt
C:\Documents and Settings\Lam\Cookies\lam@ecnext.advertserve[1].txt
C:\Documents and Settings\Lam\Cookies\lam@profitadult[2].txt
C:\Documents and Settings\Lam\Cookies\lam@try.starware[2].txt
C:\Documents and Settings\Lam\Cookies\lam@londonparties.advertserve[1].txt
C:\Documents and Settings\Lam\Cookies\lam@1070410252[1].txt
C:\Documents and Settings\Lam\Cookies\lam@cgi-bin[2].txt
C:\Documents and Settings\Lam\Cookies\lam@adultfriendfinder[2].txt
C:\Documents and Settings\Lam\Cookies\lam@rude****[1].txt
C:\Documents and Settings\Lam\Cookies\lam@weborama[1].txt
C:\Documents and Settings\Lam\Cookies\lam@webstat[2].txt
C:\Documents and Settings\Lam\Cookies\lam@adcentriconline[1].txt
C:\Documents and Settings\Lam\Cookies\lam@clickaider[1].txt
C:\Documents and Settings\Lam\Cookies\lam@1064826071[1].txt
C:\Documents and Settings\Lam\Cookies\lam@toplist[1].txt
C:\Documents and Settings\Lam\Cookies\lam@adsense[1].txt
C:\Documents and Settings\Lam\Cookies\lam@adsense[3].txt
C:\Documents and Settings\Lam\Cookies\lam@webstats[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@2o7[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@ad.easydate[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@ad.zanox[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@ad1.emediate[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@adopt.euroclick[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@ads.soft32[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@ads.uknetguide.co[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@ads.yardads.co[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@adserver.emporis[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@asiafriendfinder[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@atwola[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@azjmp[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@burstnet[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@chinesefriendfinder[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@clickaider[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@clickbank[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@content.clickbank[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@data2.perf.overture[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@dealtime.co[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@dealtime[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@dynamicsexlife[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@entrepreneurs-journey[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@hardtofindseminars[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@hc2.humanclick[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@hornymatches[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@hypertracker[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@indexstats[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@indextools[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@livelinknewmedia.co[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@metacafe.122.2o7[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@nextag.co[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@nextag[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@nichemarketingoncrack[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@novell.112.2o7[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@overture[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@perf.overture[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@personaldatefinder[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@postclicktracking[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@qitraffic[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@redirect.qitraffic[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@revsci[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@richjerk.sitetracker[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@roiservice[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@rotator.adjuggler[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@serif.112.2o7[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@server.iad.liveperson[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@sexualkey[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@sitestats.co[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@stat.dealtime[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@superhappysex[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@tacoda[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@tradedoubler[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@uknakedmen[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@wordtracker[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@www.burstbeacon[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@www.dealtime[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@www.hornymatches[1].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@www.nichemarketingoncrac k[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@www.statssheet[2].txt
C:\Documents and Settings\Lam\Local Settings\Temp\Cookies\lam@www.wordtracker[2].txt
Browser Hijacker.Deskbar
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\Implemented Categories
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\InprocServer32
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\InprocServer32#ThreadingModel
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\ProgID
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\Programmable
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\TypeLib
HKCR\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\VersionIndependentProgID
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{BFB5F154-9212-46F3-B547-AC6106030A54}

**evilfantasy** · #15 18th Jan 2008, 03:42 PM

Have you tried the ESET scan yet?