bump not to be impatient lol i just wanted to be sure people could see this thread and hopefully it fixes the pc its an old compaq presario from 03 so it is not that great.

 

Hello masterchief239,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download AVG Anti-Spyware from HERE
This is a 30 day trial of the program

• Install AVG Anti-Spyware
• Double-click the icon on Desktop to launch AVG Anti-Spyware

You will need to update AVG Anti-Spyware to the latest definition files.

• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.

• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

------------------

Download combofix to your desktop.

**It's important you save it directly to your desktop**

------------------------------------------------

Close any open browsers.

------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.

------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

NewDotNet

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any)

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_44.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\System32\jkhhh.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\System32\mlljh.dll (file missing)


Click 'Fix Checked' and close HijackThis.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Using My Computer, navigate to and delete the following Folder if it still exists.

C:\Program Files\NewDotNet

-----------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users
• Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.

Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:

• Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
• AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
• Close AVG Anti-Spyware.

**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on
   located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on
  then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------

Run combofix.exe once again.

-----------------------------------

Run a new scan with HijackThis and save the log.

-----------------------------------

Please include the following in your next reply in the following order:

ComboFix2.txt
AVG Anti-Spyware results
Panda results
ComboFix.txt
New HijackThis log

 

Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\scooby\Cookies\scooby@2o7[1].txt
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Adware:Adware/Comet Not disinfected C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\biS.inf


scooby - 06-11-18 16:33:05.95 Service Pack 1
ComboFix 06.11.18W - Running from: "C:\Documents and Settings\scooby\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\INSTALL.LOG


((((((((((((((((((((((((((((((( Files Created from 2006-10-18 to 2006-11-18 ))))))))))))))))))))))))))))))))))


2006-11-18 16:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-18 16:20 <DIR> d-------- C:\Program Files\Grisoft
2006-11-10 15:06 <DIR> d-------- C:\Program Files\New Folder
2006-11-06 17:46 183,808 --a-s---- C:\WINDOWS\NDNuninstall7_44.exe
2006-11-05 13:15 <DIR> d-------- C:\Documents and Settings\scooby\Application Data\WinAntiSpyware 2006
2006-10-21 07:13 <DIR> d-------- C:\Program Files\MadCars_at


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-18 16:41 -------- d-a------ C:\Program Files\Common Files
2006-11-18 16:32 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-11-10 15:07 -------- d-------- C:\Program Files\hijack this
2006-11-07 18:07 -------- d-------- C:\Program Files\FishTycoon_at
2006-11-07 07:54 -------- d-a-s---- C:\Program Files\NewDotNet
2006-11-02 18:46 -------- d-------- C:\Program Files\Deep Sea Tycoon 2_at
2006-11-02 18:45 -------- d-------- C:\Program Files\3DLivePool_at
2006-11-02 18:44 -------- d-------- C:\Program Files\SpaceTaxi2_at
2006-11-02 18:43 -------- d-------- C:\Program Files\Sweetopia_at
2006-11-02 18:43 -------- d-------- C:\Program Files\SpongeBobDinerDash_at
2006-10-17 17:04 -------- d-------- C:\Program Files\Web Publish
2006-10-17 17:02 -------- d-------- C:\Program Files\Common Files\Broderbund
2006-10-17 17:02 -------- d-------- C:\Program Files\Broderbund
2006-10-17 17:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-12 07:02 -------- d-------- C:\Program Files\FeedingFrenzy2_at
2006-10-07 18:49 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-07 18:49 -------- d-------- C:\Program Files\AOL
2006-10-07 18:49 -------- d-------- C:\Program Files\AOD
2006-10-05 15:48 -------- d-------- C:\Program Files\Google
2006-10-04 15:59 -------- d-------- C:\Documents and Settings\scooby\Application Data\acccore
2006-10-04 15:17 -------- d-------- C:\Program Files\AIM
2006-10-03 17:17 -------- d-------- C:\Program Files\Common Files\aolshare
2006-10-02 21:00 629264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2006-10-02 21:00 108592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-10-01 14:58 183296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-10-01 14:55 50688 --a-s---- C:\WINDOWS\NDNuninstall6_38.exe
2006-10-01 14:55 -------- d-------- C:\Program Files\filesubmit
2006-09-25 15:00 -------- d-------- C:\Program Files\Screensavers.com
2006-09-24 12:05 -------- d-------- C:\Program Files\Hamsterball_at
2006-09-24 07:57 -------- d-------- C:\Program Files\LeapFrog
2006-09-24 07:56 -------- d-------- C:\Program Files\The Learning Company
2006-09-24 07:55 -------- d-------- C:\Program Files\THQ
2006-09-24 07:54 -------- d-------- C:\Program Files\TomsHenHouse_at
2006-09-24 07:51 -------- d-------- C:\Program Files\Motorama_at
2006-09-03 19:47 361984 --a------ C:\WINDOWS\system32\Kagaya.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_04\\bin\\jusched.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"HPHUPD06"="C:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"Zone Labs Client"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Firewall\\ca.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1160264942\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~1.DLL,ClientStartup -s"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://imagecache2.allposters.com/images/153/942408.jpg"
"SubscribedURL"="http://imagecache2.allposters.com/images/153/942408.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,5e,01,00,00,fa,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"DirectX For Microsoft® Windows"="C:\\WINDOWS\\system32\\fservice.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON Status Monitor 3 Environment Check 2.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_SRCV02.EXE "
"item"="EPSON Status Monitor 3 Environment Check 2"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\KODAK\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\KODAK\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="Kodak software updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1159913848\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Ip6FwHlp


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Daily FY04.job

Completion time: 06-11-18 16:42:26.06
C:\ComboFix.txt ... 06-11-18 16:42


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:04:26 PM 11/18/2006

+ Scan result:



C:\Program Files\Microsoft AntiSpyware\Quarantine\15D822CA-D533-40ED-A893-3A6E99\267C66BF-E132-4B2E-8A8C-828D31 -> Adware.Background : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP520\A0353221.EXE -> Adware.Background : Cleaned with backup (quarantined).
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP546\A0378994.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP574\A0399540.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\hijack this\backups\backup-20061118-165314-686.dll -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP588\A0410904.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\Program Files\TDS3\xDynamic\TDS.Unpk\bolae9in3l.exe -> Adware.F1Organizer : Cleaned with backup (quarantined).
C:\WINDOWS\iNetPal\bolae9in3l.exe -> Adware.F1Organizer : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\spookyscr.exe\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP545\A0376877.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402678.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402693.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP588\A0410901.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP588\A0410902.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP588\A0410903.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_44.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\spookyscr.exe\SetupInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP545\A0376871.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP545\A0376872.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP545\A0376873.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\GameHouse\Super Collapse 3\DeliciousInstall.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP530\A0360581.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE70731D-F28D-4D81-9D61-C8EE60378401} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402716.dll -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinSoftware\WFF.exe -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402726.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402727.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\WFF.sys -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\in2bS.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_NI53TESTNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS5_0001_LP51NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.a : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.45:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.100:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.101:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.102:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.106:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.107:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.108:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.109:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.110:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.111:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.113:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.75:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.76:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.77:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.94:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.95:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.96:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.97:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.98:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.99:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.40:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.178:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.38:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.37:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.43:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.18:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.21:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.22:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.10:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.80:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.81:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.66:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.67:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.56:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.57:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.58:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.73:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.20:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.35:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.24:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.129:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.130:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.131:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.132:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.133:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.134:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.135:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.136:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.137:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.138:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.139:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.140:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.141:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.173:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.53:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.93:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.145:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.32:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.67:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.68:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.69:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.36:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.13:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.14:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.15:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.183:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.76:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.120:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.17:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.18:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.23:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.118:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.123:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.124:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 12:49:55 PM, on 12/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1160264942\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aol toolbar 3.1\aoltbhelper.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news-press.com/apps/pbcs.dll/frontpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160264942\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...e.adp?clientId=2&expTypeId=1&catId=43&langCode=&subcatId=1103&tm=343&expId=5050
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125522580931
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134438050921
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.40.27.43/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/games/gtauto/activex/CacheManager.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




theres my logs sorry for very late reply please respond if u wan to

 

reply

Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\scooby\Cookies\scooby@2o7[1].txt
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Adware:Adware/Comet Not disinfected C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\biS.inf


scooby - 06-11-18 16:33:05.95 Service Pack 1
ComboFix 06.11.18W - Running from: "C:\Documents and Settings\scooby\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\INSTALL.LOG


((((((((((((((((((((((((((((((( Files Created from 2006-10-18 to 2006-11-18 ))))))))))))))))))))))))))))))))))


2006-11-18 16:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-18 16:20 <DIR> d-------- C:\Program Files\Grisoft
2006-11-10 15:06 <DIR> d-------- C:\Program Files\New Folder
2006-11-06 17:46 183,808 --a-s---- C:\WINDOWS\NDNuninstall7_44.exe
2006-11-05 13:15 <DIR> d-------- C:\Documents and Settings\scooby\Application Data\WinAntiSpyware 2006
2006-10-21 07:13 <DIR> d-------- C:\Program Files\MadCars_at


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-18 16:41 -------- d-a------ C:\Program Files\Common Files
2006-11-18 16:32 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-11-10 15:07 -------- d-------- C:\Program Files\hijack this
2006-11-07 18:07 -------- d-------- C:\Program Files\FishTycoon_at
2006-11-07 07:54 -------- d-a-s---- C:\Program Files\NewDotNet
2006-11-02 18:46 -------- d-------- C:\Program Files\Deep Sea Tycoon 2_at
2006-11-02 18:45 -------- d-------- C:\Program Files\3DLivePool_at
2006-11-02 18:44 -------- d-------- C:\Program Files\SpaceTaxi2_at
2006-11-02 18:43 -------- d-------- C:\Program Files\Sweetopia_at
2006-11-02 18:43 -------- d-------- C:\Program Files\SpongeBobDinerDash_at
2006-10-17 17:04 -------- d-------- C:\Program Files\Web Publish
2006-10-17 17:02 -------- d-------- C:\Program Files\Common Files\Broderbund
2006-10-17 17:02 -------- d-------- C:\Program Files\Broderbund
2006-10-17 17:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-12 07:02 -------- d-------- C:\Program Files\FeedingFrenzy2_at
2006-10-07 18:49 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-07 18:49 -------- d-------- C:\Program Files\AOL
2006-10-07 18:49 -------- d-------- C:\Program Files\AOD
2006-10-05 15:48 -------- d-------- C:\Program Files\Google
2006-10-04 15:59 -------- d-------- C:\Documents and Settings\scooby\Application Data\acccore
2006-10-04 15:17 -------- d-------- C:\Program Files\AIM
2006-10-03 17:17 -------- d-------- C:\Program Files\Common Files\aolshare
2006-10-02 21:00 629264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2006-10-02 21:00 108592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-10-01 14:58 183296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-10-01 14:55 50688 --a-s---- C:\WINDOWS\NDNuninstall6_38.exe
2006-10-01 14:55 -------- d-------- C:\Program Files\filesubmit
2006-09-25 15:00 -------- d-------- C:\Program Files\Screensavers.com
2006-09-24 12:05 -------- d-------- C:\Program Files\Hamsterball_at
2006-09-24 07:57 -------- d-------- C:\Program Files\LeapFrog
2006-09-24 07:56 -------- d-------- C:\Program Files\The Learning Company
2006-09-24 07:55 -------- d-------- C:\Program Files\THQ
2006-09-24 07:54 -------- d-------- C:\Program Files\TomsHenHouse_at
2006-09-24 07:51 -------- d-------- C:\Program Files\Motorama_at
2006-09-03 19:47 361984 --a------ C:\WINDOWS\system32\Kagaya.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_04\\bin\\jusched.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"HPHUPD06"="C:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"Zone Labs Client"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Firewall\\ca.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1160264942\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~1.DLL,ClientStartup -s"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://imagecache2.allposters.com/images/153/942408.jpg"
"SubscribedURL"="http://imagecache2.allposters.com/images/153/942408.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,5e,01,00,00,fa,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"DirectX For Microsoft® Windows"="C:\\WINDOWS\\system32\\fservice.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON Status Monitor 3 Environment Check 2.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_SRCV02.EXE "
"item"="EPSON Status Monitor 3 Environment Check 2"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\KODAK\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\KODAK\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="Kodak software updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1159913848\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Ip6FwHlp


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Daily FY04.job

Completion time: 06-11-18 16:42:26.06
C:\ComboFix.txt ... 06-11-18 16:42


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:04:26 PM 11/18/2006

+ Scan result:



C:\Program Files\Microsoft AntiSpyware\Quarantine\15D822CA-D533-40ED-A893-3A6E99\267C66BF-E132-4B2E-8A8C-828D31 -> Adware.Background : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP520\A0353221.EXE -> Adware.Background : Cleaned with backup (quarantined).
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP546\A0378994.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP574\A0399540.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\hijack this\backups\backup-20061118-165314-686.dll -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP588\A0410904.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\Program Files\TDS3\xDynamic\TDS.Unpk\bolae9in3l.exe -> Adware.F1Organizer : Cleaned with backup (quarantined).
C:\WINDOWS\iNetPal\bolae9in3l.exe -> Adware.F1Organizer : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\spookyscr.exe\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP545\A0376877.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402678.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402693.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP588\A0410901.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP588\A0410902.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP588\A0410903.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_44.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellsei & Syd\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\spookyscr.exe\SetupInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP545\A0376871.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP545\A0376872.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP545\A0376873.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\GameHouse\Super Collapse 3\DeliciousInstall.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP530\A0360581.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE70731D-F28D-4D81-9D61-C8EE60378401} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402716.dll -> Adware.WinAntiSpyware : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinSoftware\WFF.exe -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402726.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F800832-1A1E-4D3E-8700-094D4D096578}\RP577\A0402727.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\WFF.sys -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\in2bS.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_NI53TESTNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS5_0001_LP51NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.a : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.45:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.100:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.101:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.102:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.106:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.107:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.108:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.109:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.110:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.111:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.113:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.75:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.76:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.77:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.94:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.95:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.96:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.97:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.98:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.99:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.40:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.178:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.38:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.37:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.43:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.18:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.21:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.22:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.10:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.80:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.81:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.66:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.67:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.56:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.57:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.58:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.73:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.20:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.35:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.24:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.129:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.130:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.131:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.132:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.133:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.134:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.135:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.136:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.137:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.138:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.139:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.140:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.141:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.173:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.53:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.93:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.145:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.32:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.67:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.68:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.69:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.36:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.13:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.14:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.15:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.183:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.76:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.120:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.17:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.18:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.23:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Profiles\default\m8rr9bq7.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.118:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Master Chief\Application Data\Mozilla\Firefox\Profiles\default.yyh\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.123:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.124:C:\Documents and Settings\Kellsei & Syd\Application Data\Mozilla\Firefox\Profiles\vdh2srdn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 12:49:55 PM, on 12/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1160264942\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aol toolbar 3.1\aoltbhelper.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news-press.com/apps/pbcs.dll/frontpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160264942\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...e.adp?clientId=2&expTypeId=1&catId=43&langCode=&subcatId=1103&tm=343&expId=5050
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125522580931
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134438050921
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.40.27.43/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/games/gtauto/activex/CacheManager.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




theres my logs sorry for very late reply please respond if u wan to

 

Hi masterchief239,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download LSPFix.exe as we may need it later.

-----------------------------------

Please disable Microsoft AntiSpyware, as it may hinder the removal of some entries. You can re-enable it after you're clean.

• Right click the Microsoft AntiSpyware icon located in the system tray
• Click on Security Agents Status (Enabled)
• Click on Disable Real-time Protection

-----------------------------------

Download the attached master.zip file to your desktop.

Double click on the master.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.

-----------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries:

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

Click 'Fix Checked' and close HijackThis.

**Note**
While running Hijackthis, verify if these entries still exist:

O10 - Hijacked Internet access by New.Net

If they exist, we would be required to run LSPFix.exe

Instructions for using LSPFix

1. Double click on LSPFix.exe to run it.
2. Once running, you will be required to tick the disclaimer - "I know what I'm doing".
3. You'll find a windows with 2 panes.
   In the left pane which is labeled 'Keep', select all instances of this file:
   • newdotnet7_22.dll
4. Then click on the arrow pointing to the right, >>.
   This will move the entry to the right pane labeled 'Remove'
5. Click the Finish button to complete the fix.

Only entries similar to newdotnet.dll need to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Using 'My Computer', navigate to and delete the following Files and Folders if they still exist.

c:\program files\common files\WinSoftware
C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
C:\WINDOWS\inf\biS.inf
C:\Program Files\NewDotNet

-----------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users
• Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-1_5_0_10-windows-i586-p.exe to install the newest version.

-----------------------------------

Run another online scan at Panda and save the results.

-----------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-----------------------------------

Run a new scan with HijackThis and save the log.

-----------------------------------

Please include the following in your next reply:

Panda results
ComboFix.txt
New HijackThis log

How is the system behaving now?