windows crashing please help!

[tjnguyen]

Hi my name is TJ and I am new to this forum. Today I decided to use my dads computer and I found an annoying problem on his computer. I spent almost the whole day trying to fix it. I have knowledge of computers here and there but not enough to fix this problem. The problem starts out with me going to my computers and then opening the CD drive. I put in my music CD and then explored the CD folder, but as soon as i open it, it gives me an error. It pops up the explorer.exe has an ecountered a problem, send do not send report, ect. I checked out the more detailed info and here it is:

AppName: explorer.exe AppVer: 6.0.2900.2180 ModName: unknown
ModVer: 0.0.0.0 Offset: 00000000

then went to check the source of the problem and it gave me this:

C:\DOCUME~1\******~1\LOCALS~1\Temp\d662_appcompat.txt

I know that appcompat.txt isnt the problem but it shows what the problem is, and ive tried everything to fix this. I also notice everytime i tried to open the Cd drive again it changes the accompat file name, like first it would be like d662_appcompat.txt then it would change to f13d2_appcompat.txt then by734_appcompat.txt ect. I opened that file and check whats going on but i had no idea what it meant so i here i am asking you guys for help. My dad's computer isnt that old, maybe few months, its a dell, LOL i know, but were cheap and we cant get good computers. I tried everything from virus scans, spyware removal, and ect. I just gave up and finally came here. I tried updating his computer, doing the windows protection tool scan. I know it isnt my CD because i also put in like 5 other cd's and when i tried to go into the CD drive, it crashes and gives me the same thing.

Well heres the text file if you guys can check it out for me, and i really wanted to fix his problem its really annoying, maybe ill try Dells Tech Support tomorrow. I really dont want to reformat his computer because he has a lot of stuff thats really important to him and itll be a pain to back that all up. Hope you guys can help me and thank you!


EDIT: also here is the hijackthis save log too

Logfile of HijackThis v1.99.1
Scan saved at 10:58:15 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dropspam.com/sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6F45AEA2-9C81-4832-8390-7134102B8DE5} - C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FFDD804F-A7F8-4395-93D2-66A85DA2BDAB} - C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: WeatherStudio Toolbar - {15757333-2BCA-4B77-A807-D0955132F812} - C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

PS i dont know if its a virus, or a spyware/malware but i really want to fix it without having to reformat the computer, ive never have to reformat my computer or anything, and i heard it takes awhile installing all those drives again. Thnx!

[tjnguyen]

bump, please i really need help, give me a reply so if i cant fix it, ill have to like send it out or something

[Ried]

Hello tjnguyen and welcome,

This log isn't showing enough. Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review.
• DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\Deckard\System Scanner\extra.txt
   

3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt

It's 1:36 a.m my time...I'll wait up a bit longer for you to post those logs. The scan will only take between 7 and 10 minutes.

[tjnguyen]

sorry i went to sleep as soon as i bumped the thread, i was tired, but here it is

Deckard's System Scanner v20070426.43
Run by Thuan Nguyen on 2007-05-06 at 12:23:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
92: 2007-05-06 16:23:48 UTC - RP341 - Deckard's System Scanner Restore Point
91: 2007-05-06 04:07:52 UTC - RP340 - System Checkpoint
90: 2007-05-05 01:46:56 UTC - RP339 - Restore Operation
89: 2007-05-04 05:03:32 UTC - RP338 - System Checkpoint
88: 2007-05-03 04:34:13 UTC - RP337 - System Checkpoint


-- First Restore Point --
1: 2007-02-06 07:49:33 UTC - RP250 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Thuan Nguyen.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:24:29 PM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Thuan Nguyen\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Thuan Nguyen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dropspam.com/sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6F45AEA2-9C81-4832-8390-7134102B8DE5} - C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FFDD804F-A7F8-4395-93D2-66A85DA2BDAB} - C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: WeatherStudio Toolbar - {15757333-2BCA-4B77-A807-D0955132F812} - C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Files created between 2007-04-06 and 2007-05-06 -----------------------------

2007-05-04 21:58:42 0 d-------- C:\WINDOWS\LastGood
2007-05-04 21:16:08 0 d-------- C:\$VAULT$.AVG
2007-05-04 21:16:03 12291078 --a------ C:\avg7qt(2).dat
2007-05-04 20:42:05 0 d-------- C:\Documents and Settings\Thuan Nguyen\Application Data\AVG7
2007-05-04 20:41:51 0 d-------- C:\Program Files\Grisoft(2)
2007-05-04 20:41:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-05-01 23:42:50 4980736 --a------ C:\Documents and Settings\Thuan Nguyen\ntuser.dat
2007-04-19 17:48:03 0 d-------- C:\Program Files\Xilisoft
2007-04-19 17:40:27 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-04-19 17:40:27 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-04-19 17:40:27 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-04-19 17:40:27 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-04-19 17:40:26 0 d-------- C:\Program Files\Cucusoft
2007-04-19 17:24:30 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-04-19 17:24:30 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-04-19 16:55:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-04-19 16:02:30 0 d-------- C:\Documents and Settings\Thuan Nguyen\Application Data\SlySoft
2007-04-19 16:01:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-04-19 15:58:03 0 d-------- C:\Program Files\SlySoft
2007-04-19 14:37:35 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink


-- Find3M Report ---------------------------------------------------------------

2007-05-04 22:41:11 0 d-------- C:\Documents and Settings\Thuan Nguyen\Application Data\WeatherStudio348
2007-05-04 21:16:08 0 d-------- C:\Program Files\DAEMON Tools
2007-04-21 17:07:09 0 d-------- C:\Program Files\LimeWire
2007-04-19 17:25:11 0 d-------- C:\Documents and Settings\Thuan Nguyen\Application Data\dvdcss
2007-03-23 19:01:55 0 d-------- C:\Documents and Settings\Thuan Nguyen\Application Data\Macromedia
2007-03-22 19:12:54 0 d-------- C:\Program Files\F?nts
2007-03-21 22:00:08 2 --a------ C:\WINDOWS\system32\wcpsvsu.exe
2007-03-21 21:59:25 0 d-------- C:\Program Files\Common Files\aolshare
2007-03-21 21:59:15 0 d-------- C:\Program Files\Common Files\AOL
2007-03-21 21:56:43 0 d-------- C:\Program Files\CCleaner
2007-03-21 20:34:06 2 --a------ C:\WINDOWS\system32\wcpsu.exe
2007-03-20 19:44:42 0 d-------- C:\Documents and Settings\Thuan Nguyen\Application Data\T?sks
2007-03-19 19:42:31 0 d-------- C:\Documents and Settings\Thuan Nguyen\Application Data\s?stem32
2007-03-19 19:42:31 0 d-------- C:\Documents and Settings\Thuan Nguyen\Application Data\?racle
2007-03-08 18:39:00 51733 --a------ C:\WINDOWS\plugin1.dat
2007-03-07 17:39:58 0 d-------- C:\Program Files\??sks


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{6F45AEA2-9C81-4832-8390-7134102B8DE5} C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll
{FFDD804F-A7F8-4395-93D2-66A85DA2BDAB} C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WeatherStudio Desktop"="\"C:\\Program Files\\WeatherStudio Desktop\\bin\\WeatherStudio Desktop.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk"
"backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
"item"="Digital Line Detect"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^tqnci.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\tqnci.exe"
"backup"="C:\\WINDOWS\\pss\\tqnci.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\tqnci.exe"
"item"="tqnci"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bbfscb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cjbbcd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\cjbbcd.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LiveUpdate"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaDetect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLACTRLW"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropSpam Lifestyle]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslifestyle"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\dslifestyle\\dslifestyle.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iiqk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iiqkm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\iiqk\\iiqkm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPClient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPMon32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealOneMessageCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtd2002Svr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mtdserver"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\mtd2002\"\\mtdserver.exe -f"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="javaw"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\FNTS~1\\javaw.exe\" -vt ndrv"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iexplore"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\iexplore.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xxmtd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cjbbcd"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\cjbbcd.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zuvcgw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="s?anregw"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Thuan Nguyen\\Application Data\\??mbols\\s?anregw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost


-- End of Deckard's System Scanner: finished at 2007-05-06 at 12:24:56 ---------


thats main.txt and ill attach the extra

[Ried]

Ok, let's get started.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's important to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^tqnci.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bbfscb]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iiqk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtd2002Svr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Service]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xxmtd]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zuvcgw]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

--------------------------------------------------------------------

Updating Java and Clearing Cache

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Panda results
New HijackThis log

[tjnguyen]

ok here it is, im going to post the Hijackthis log file in my reply and ill attach the 2 other files because its really long and thought it would be easier for u to read it that way

"Thuan Nguyen" - 2007-05-06 2:14:49 Service Pack 2
ComboFix 07-05.07.1.V - Running from: "C:\Documents and Settings\Thuan Nguyen\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wcpsu.exe
C:\WINDOWS\system32\wcpsvsu.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\MBOLS~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\RACLE~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\SSTEM3~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\STEM~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\TSKS~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\MYDOCU~1\ICROSO~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\MYDOCU~1\SMANTE~1
C:\qoobox\purity\C\Program Files\CROSOF~1
C:\qoobox\purity\C\Program Files\FNTS~1
C:\qoobox\purity\C\Program Files\MANTEC~1
C:\qoobox\purity\C\Program Files\MCROSO~1
C:\qoobox\purity\C\Program Files\SKS~1
C:\qoobox\purity\C\Program Files\Common Files\SKS~1
C:\qoobox\purity\C\Program Files\Common Files\SSTEM~1
C:\qoobox\purity\C\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\C\Program Files\Common Files\YSTEM~1
C:\qoobox\purity\C\WINDOWS\PPATCH~1
C:\qoobox\purity\C\WINDOWS\RACLE~1
C:\qoobox\purity\C\WINDOWS\TSKS~1
C:\qoobox\purity\C\WINDOWS\WNSXS~1
C:\qoobox\purity\C\WINDOWS\system32\MANTEC~1
C:\qoobox\purity\C\WINDOWS\system32\MBOLS~1
C:\qoobox\purity\C\WINDOWS\system32\RACLE~1
C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1
C:\qoobox\purity\C\WINDOWS\system32\YSTEM~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-05-06 12:23 <DIR> d-------- C:\Deckard
2007-05-04 21:58 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-04 21:16 12,291,078 --a------ C:\avg7qt(2).dat
2007-05-04 20:41 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-05-04 20:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
2007-05-01 23:42 4,980,736 --a------ C:\DOCUME~1\THUANN~1\ntuser.dat
2007-04-19 17:48 <DIR> d-------- C:\Program Files\Xilisoft
2007-04-19 17:40 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-04-19 17:40 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-04-19 17:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-04-19 17:40 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-04-19 17:40 <DIR> d-------- C:\Program Files\Cucusoft
2007-04-19 17:24 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-04-19 17:24 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-04-19 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-04-19 16:02 <DIR> d-------- C:\DOCUME~1\THUANN~1\APPLIC~1\SlySoft
2007-04-19 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-04-19 15:58 <DIR> d-------- C:\Program Files\SlySoft
2007-04-19 14:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 17:02:36 -------- d-----w C:\DOCUME~1\THUANN~1\APPLIC~1.\WeatherStudio348
2007-05-05 01:16:08 -------- d-----w C:\Program Files\DAEMON Tools
2007-04-21 21:07:09 -------- d-----w C:\Program Files\LimeWire
2007-04-19 21:25:11 -------- d-----w C:\DOCUME~1\THUANN~1\APPLIC~1.\dvdcss
2007-04-19 20:02:30 -------- d-----w C:\DOCUME~1\THUANN~1\APPLIC~1.\SlySoft
2007-03-22 01:59:25 -------- d-----w C:\Program Files\Common Files\aolshare
2007-03-22 01:59:15 -------- d-----w C:\Program Files\Common Files\AOL
2007-03-22 01:56:43 -------- d-----w C:\Program Files\CCleaner
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 22:39:00 51,733 ----a-w C:\WINDOWS\plugin1.dat
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4efb-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"="C:\Program Files\FlashGet\jccatch.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="C:\WINDOWS\System32\DLA\DLASHX_W.DLL"
"{6F45AEA2-9C81-4832-8390-7134102B8DE5}"="C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll"
"{F156768E-81EF-470C-9057-481BA8380DBA}"="C:\Program Files\FlashGet\getflash.dll"
"{FFDD804F-A7F8-4395-93D2-66A85DA2BDAB}"="C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WeatherStudio Desktop"="\"C:\\Program Files\\WeatherStudio Desktop\\bin\\WeatherStudio Desktop.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 9.0 tray icon.lnk
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^digital line detect.lnk
C:\PROGRA~1\DIGITA~1\DLG.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btcliveupdate
"C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccapp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\corel photo downloader
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupport
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmxlauncher
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dropspam lifestyle
"C:\Program Files\dslifestyle\dslifestyle.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers
C:\WINDOWS\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipinsightlan 01
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipinsightmonitor 01
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isuspm startup
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isusscheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgcenterexe
"C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mskdetectorexe
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\norton ghost 10.0
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmaxpnp
C:\Program Files\Analog Devices\Core\smax4pnp.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybrowser
C:\Program Files\Yahoo!\browser\ybrwicon.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0




*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_HTTPFILTER

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 02:16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-06 2:16:33
C:\ComboFix-quarantined-files.txt ... 2007-05-06 02:16



Incident Status Location

Adware:Adware/Comet Not disinfected C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/seekmo Not disinfected Windows Registry
Adware:adware/dropspam Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.casa