02-15-2007, 08:22 PM   #1
MattNicholson (Registered User)
Join Date: Nov 2006
Location: Quesnel, British Columbia
Posts: 87
OS: win xp pro, win xp home

Some sort of trojan

I don't know what's going on with my computer.. my TELUS security thing said it detected a trojan, I can't remember what it was called.. but it asked if I wanted to delete reboot.. I did but it never deleted it, it keeps saying that..
I've noticed my computer goes slow sporadically, especially when I turn it on. There is nothing running but the scvhost thing takes up around 100 CPU until I end the process tree, then it is fine for a while.
ComboScan v20070212.14 run by John Nicholson on 2007-02-15 at 19:02:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as John Nicholson.com) -----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:03:22 PM, on 15/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\TELUS\TELUS Security service\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\CDSLicenseMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\John Nicholson\Desktop\comboscan.exe
C:\DOCUME~1\JOHNNI~1\LOCALS~1\Temp\~acnmptb.tmp\John Nicholson.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8c2021aa3b0a4dec82b10bb769158c7d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8c2021aa3b0a4dec82b10bb769158c7d
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4 abp480n5 - \SystemRoot\system32\DRIVERS\ABP480N5.SYS
4 adpu160m - \SystemRoot\system32\DRIVERS\adpu160m.sys
4 agpCPQ (Compaq AGP Bus Filter) - \SystemRoot\system32\DRIVERS\agpCPQ.sys
4 Aha154x - \SystemRoot\system32\DRIVERS\aha154x.sys
4 aic78u2 - \SystemRoot\system32\DRIVERS\aic78u2.sys
4 aic78xx - \SystemRoot\system32\DRIVERS\aic78xx.sys
4 AliIde - \SystemRoot\system32\DRIVERS\aliide.sys
4 alim1541 (ALI AGP Bus Filter) - \SystemRoot\system32\DRIVERS\alim1541.sys
4 amdagp (AMD AGP Bus Filter Driver) - \SystemRoot\system32\DRIVERS\amdagp.sys
4 amsint - \SystemRoot\system32\DRIVERS\amsint.sys
2 ANIO (ANIO Service) - \??\C:\WINDOWS\system32\ANIO.SYS
4 asc - \SystemRoot\system32\DRIVERS\asc.sys
4 asc3350p - \SystemRoot\system32\DRIVERS\asc3350p.sys
4 asc3550 - \SystemRoot\system32\DRIVERS\asc3550.sys
4 cbidf - \SystemRoot\system32\DRIVERS\cbidf2k.sys
4 cd20xrnt - \SystemRoot\system32\DRIVERS\cd20xrnt.sys
3 cdspacex - system32\DRIVERS\CDSPACEX.sys
4 CmdIde - \SystemRoot\system32\DRIVERS\cmdide.sys
4 Cpqarray - \SystemRoot\system32\DRIVERS\cpqarray.sys
2 CSS DVP - system32\DRIVERS\css-dvp.sys
4 dac2w2k - \SystemRoot\system32\DRIVERS\dac2w2k.sys
4 dac960nt - \SystemRoot\system32\DRIVERS\dac960nt.sys
2 DLABOIOM - System32\DLA\DLABOIOM.SYS
1 DLACDBHM - System32\Drivers\DLACDBHM.SYS
2 DLADResN - System32\DLA\DLADResN.SYS
2 DLAIFS_M - System32\DLA\DLAIFS_M.SYS
2 DLAOPIOM - System32\DLA\DLAOPIOM.SYS
2 DLAPoolM - System32\DLA\DLAPoolM.SYS
1 DLARTL_N - System32\Drivers\DLARTL_N.SYS
2 DLAUDFAM - System32\DLA\DLAUDFAM.SYS
2 DLAUDF_M - System32\DLA\DLAUDF_M.SYS
4 dpti2o - \SystemRoot\system32\DRIVERS\dpti2o.sys
0 DRVMCDB - System32\Drivers\DRVMCDB.SYS
2 DRVNDDM - System32\Drivers\DRVNDDM.SYS
3 DSproct - \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
3 E100B (Intel(R) PRO Adapter Driver) - system32\DRIVERS\e100b325.sys
3 Freedom (Freedom Miniport) - system32\DRIVERS\FREEDOM.SYS
2 FreeTdi (Freedom Filter (24214)) - System32\Drivers\FreeTdi.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
4 hpn - \SystemRoot\system32\DRIVERS\hpn.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
4 i2omp - \SystemRoot\system32\DRIVERS\i2omp.sys
3 ialm - system32\DRIVERS\ialmnt5.sys
4 ini910u - \SystemRoot\system32\DRIVERS\ini910u.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
4 mraid35x - \SystemRoot\system32\DRIVERS\mraid35x.sys
3 nv - system32\DRIVERS\nv4_mini.sys
0 PCIIde - system32\DRIVERS\pciide.sys
4 perc2 - \SystemRoot\system32\DRIVERS\perc2.sys
4 perc2hib - \SystemRoot\system32\DRIVERS\perc2hib.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
4 ql1080 - \SystemRoot\system32\DRIVERS\ql1080.sys
4 Ql10wnt - \SystemRoot\system32\DRIVERS\ql10wnt.sys
4 ql12160 - \SystemRoot\system32\DRIVERS\ql12160.sys
4 ql1240 - \SystemRoot\system32\DRIVERS\ql1240.sys
4 ql1280 - \SystemRoot\system32\DRIVERS\ql1280.sys
3 RT73 (D-Link USB Wireless LAN Card Driver) - system32\DRIVERS\Dr71WU.sys
3 senfilt - system32\drivers\senfilt.sys
4 sisagp (SIS AGP Bus Filter) - \SystemRoot\system32\DRIVERS\sisagp.sys
3 smwdm - system32\drivers\smwdm.sys
4 Sparrow - \SystemRoot\system32\DRIVERS\sparrow.sys
0 sptd - System32\Drivers\sptd.sys
4 symc810 - \SystemRoot\system32\DRIVERS\symc810.sys
4 symc8xx - \SystemRoot\system32\DRIVERS\symc8xx.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
4 sym_hi - \SystemRoot\system32\DRIVERS\sym_hi.sys
4 sym_u3 - \SystemRoot\system32\DRIVERS\sym_u3.sys
4 TosIde - \SystemRoot\system32\DRIVERS\toside.sys
3 TwoRabts (Two Rabbits Live Bus) - system32\DRIVERS\TwoRabts.sys
4 ultra - \SystemRoot\system32\DRIVERS\ultra.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
4 viaagp (VIA AGP Bus Filter) - \SystemRoot\system32\DRIVERS\viaagp.sys
4 ViaIde - \SystemRoot\system32\DRIVERS\viaide.sys
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys
1 XSPACEWG - \??\C:\WINDOWS\system32\drivers\XSpaceWg.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
2 ANIWZCSdService (ANIWZCSd Service) - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3 ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2 dvpapi - "C:\Program Files\Common Files\Command Software\dvpapi.exe"
2 Fax - %systemroot%\system32\fxssvc.exe
2 GEARSecurity - %SystemRoot%\System32\GEARSec.exe
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
3 NetSvc (Intel NCS NetService) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
3 Norton Ghost - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3 Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
3 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-15 18:35:19 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job<CHECKU~1.JOB>
2007-02-13 03:00:00 380 --a------ C:\WINDOWS\Tasks\XoftSpySE.job<XOFTSP~1.JOB>


-- Files created between 2007-01-15 and 2007-02-15 ------------------------------

2007-02-07 21:20:44 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-07 21:18:36 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-07 21:18:36 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-06 22:40:00 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-06 22:37:52 0 d-------- C:\Program Files\HP
2007-02-06 22:36:42 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2007-02-06 22:36:42 103535 --a------ C:\WINDOWS\hpoins04.dat
2007-02-06 22:36:20 0 d-------- C:\temp
2007-02-06 1719 503808 --a------ C:\WINDOWS\system\sxlrt232.dll<Unsigned: Dinkumware, Ltd.>
2007-01-29 14:22:57 0 d-------- C:\Program Files\Messenger Plus! Live<MESSEN~2>
2007-01-20 17:27:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision<MACROV~1>
2007-01-20 17:27:41 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-01-19 13:45:02 0 d-------- C:\Documents and Settings\Kenton\Application Data\Corel Photo Album<CORELP~1>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll<Signed: Microsoft Corp.>
2007-01-19 11:08:25 0 d-------- C:\Documents and Settings\Kenton\Application Data\ESTsoft


-- Find3M Report ----------------------------------------------------------------

2007-02-15 16:36:40 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-15 1519 0 d-------- C:\Program Files\Common Files\Command Software<COMMAN~1>
2007-02-14 07:16:27 0 d-------- C:\Program Files\Common Files\PestPatrol<PESTPA~1>
2007-02-08 20:30:25 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-07 17:50:27 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys<Unsigned: n/a>
2007-02-07 17:50:27 88 -r-hs---- C:\WINDOWS\system32\5970888737.sys<597088~1.SYS><Unsigned: n/a>
2007-02-07 17:36:28 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\Adobe
2007-02-06 17:08:56 0 d-------- C:\Program Files\Java
2007-02-04 23:16:07 0 d-------- C:\Program Files\XoftSpySE<XOFTSP~1>
2007-01-26 16:32:46 0 d-------- C:\Program Files\Starcraft<STARCR~1>
2007-01-21 16:09:30 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\AdobeUM
2007-01-20 17:27:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-20 17:25:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-15 21:48:44 0 d---s---- C:\Documents and Settings\John Nicholson\Application Data\Microsoft<MICROS~1>
2007-01-14 14:14:24 34957 --a------ C:\WINDOWS\scunin.dat
2007-01-14 14:14:23 967 --a------ C:\WINDOWS\ScUnin.pif
2007-01-14 14:14:23 70656 --a------ C:\WINDOWS\ScUnin.exe<Unsigned: Blizzard Entertainment>
2007-01-14 14:07:57 0 d-------- C:\Program Files\SPACE INTERNATIONAL<SPACEI~1>
2007-01-13 16:01:12 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-01-13 15:57:48 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys<Unsigned: n/a>
2006-12-19 21:55:53 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\Apple Computer<APPLEC~1>
2006-12-19 21:55:46 0 d-------- C:\Program Files\iTunes
2006-12-19 21:55:38 0 d-------- C:\Program Files\iPod
2006-12-19 21:55:16 0 d-------- C:\Program Files\QuickTime<QUICKT~1>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"D-Link Wireless G WUA-1340"="C:\\Program Files\\D-Link\\Wireless G WUA-1340\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TELUS Security service"="\"C:\\Program Files\\TELUS\\TELUS Security service\\Freedom.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f680f56a-a359-11db-8c1e-0015e9f7bb44}]
Shell\AutoRun\command F:\SETUP.EXE


-- End of ComboScan: finished at 2007-02-15 at 19:04:40 -------------------------

ComboScan v20070212.14 run by John Nicholson on 2007-02-15 at 19:02:09
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.80GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1021.98 MiB / 699.05 MiB
Pagefile Memory (total/avail): 2464.24 MiB / 2226.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1993.73 MiB

C: is Fixed (NTFS) - 52.7 GiB total, 36.62 GiB free.
D: is Fixed (NTFS) - 18.61 GiB total, 0.28 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (CDFS)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is unknown.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: TELUS Security service Firewall v?????????3??? (TELUS)
AV: TELUS Security service Anti-Virus v??????????? ??? (TELUS)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\John Nicholson\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NICHOLSON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\John Nicholson
LOGONSERVER=\\NICHOLSON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ESTsoft\ALZip\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOHNNI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOHNNI~1\LOCALS~1\Temp
USERDOMAIN=NICHOLSON
USERNAME=John Nicholson
USERPROFILE=C:\Documents and Settings\John Nicholson
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

John Nicholson (admin)
Lynn Nicholson (admin)
Harry Kroeker (admin)
Kenton (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ALZip --> "C:\Program Files\ESTsoft\ALZip\unins000.exe"
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
BJ Printer Driver --> C:\WINDOWS\CJRSTR\BjDelete.exe
CDSpace 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B99BC62-1446-4CB0-8608-693BF1CE55D0}\Setup.exe"
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.2 --> MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 1.99.1 --> C:\Documents and Settings\John Nicholson\Local Settings\Temp\_AZTMP0_\HijackThis.exe /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.1) --> C:\PROGRA~1\MOZILL~1\uninstall\uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Norton Ghost 10.0 --> MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
TELUS Security & Privacy --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{B544F669-B04B-45B7-B449-30E273712FCC}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
Windows Live Toolbar --> MsiExec.exe /X{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wireless G WUA-1340 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{71FD28F7-E697-40B4-8DC9-91E8B1B9AEE9}
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of ComboScan: finished at 2007-02-15 at 19:04:40 -------------------------

Old 02-22-2007, 10:30 PM   #2 (permalink)
MattNicholson (Registered User)
bump.
Old 02-23-2007, 05:22 AM   #3 (permalink)
dorts (Analyst, Security Team)
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

Hi and welcome to TSF.

My name is Keneth and I will be helping you clean up your computer.

As we have been very busy lately, I apologise for any delay in replying, and of course, all our helpers are volunteers.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.



Since it has been a few days since you posted your log, and ComboScan has been updated since you last downloaded it, please delete your current copy of ComboScan.


Please Download ComboScan to your Desktop.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, a text file will open - ComboScan.txt
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt back in this thread (do not attach it).
  5. Another text file will also open, Supplementary.txt.
  6. Please attach Supplementary.txt to your post.


To attach a file to a new post:
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page.
  2. Copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.
Last edited by dorts; 02-23-2007 at 05:28 AM.
Old 02-25-2007, 03:53 PM   #4 (permalink)
MattNicholson (Registered User)
ComboScan v20070221.16 run by John Nicholson on 2007-02-25 at 14:49:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as John Nicholson.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:49:59 PM, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\CDSLicenseMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\THEWEA~1\DESKTO~1\DESKTO~1.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Documents and Settings\John Nicholson\Desktop\comboscan.exe
C:\Program Files\HijackThis\John Nicholson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8c2021aa3b0a4dec82b10bb769158c7d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8c2021aa3b0a4dec82b10bb769158c7d
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
2R ANIO (ANIO Service) - C:\WINDOWS\system32\ANIO.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3R cdspacex - C:\WINDOWS\system32\drivers\CDSPACEX.sys
2R CSS DVP - C:\WINDOWS\system32\drivers\css-dvp.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
2R DLABOIOM - C:\WINDOWS\system32\DLA\DLABOIOM.SYS
1R DLACDBHM - C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2R DLADResN - C:\WINDOWS\system32\DLA\DLADResN.SYS
2R DLAIFS_M - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2R DLAOPIOM - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2R DLAPoolM - C:\WINDOWS\system32\DLA\DLAPoolM.SYS
1R DLARTL_N - C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2R DLAUDFAM - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2R DLAUDF_M - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
0R DRVMCDB - C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2R DRVNDDM - C:\WINDOWS\system32\drivers\DRVNDDM.SYS
3S DSproct - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
3S E100B (Intel(R) PRO Adapter Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
3R Freedom (Freedom Miniport) - C:\WINDOWS\system32\drivers\freedom.sys
2R FreeTdi (Freedom Filter (24214)) - C:\WINDOWS\system32\drivers\FreeTdi.sys
1R GearAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R RT73 (D-Link USB Wireless LAN Card Driver) - C:\WINDOWS\system32\drivers\Dr71WU.sys
3R senfilt - C:\WINDOWS\system32\drivers\senfilt.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
0R SymSnap - C:\WINDOWS\system32\drivers\SymSnap.sys
3R TwoRabts (Two Rabbits Live Bus) - C:\WINDOWS\system32\drivers\TwoRabts.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R V2IMount - C:\WINDOWS\system32\drivers\V2iMount.sys
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
1R XSPACEWG - C:\WINDOWS\system32\drivers\XSpaceWg.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
4S Alerter - C:\WINDOWS\system32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
2S ANIWZCSdService (ANIWZCSd Service) - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
4S Dlarabcsps -
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\system32\svchost.exe -k NetworkService
2R dvpapi - "C:\Program Files\Common Files\Command Software\dvpapi.exe"
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R GEARSecurity - C:\WINDOWS\System32\GEARSec.exe
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\system32\imapi.exe
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R lanmanserver (Server) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
4S Messenger - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\system32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\system32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\system32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NetSvc (Intel NCS NetService) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R Norton Ghost - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\system32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\system32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\system32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\system32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\system32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4}
3R Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3R usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
3S WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-02-25 14:35:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job<CHECKU~1.JOB>
2007-02-24 03:00:00 380 --a------ C:\WINDOWS\Tasks\XoftSpySE.job<XOFTSP~1.JOB>


-- Files created between 2007-01-25 and 2007-02-25 ------------------------------

2007-02-25 14:49:53 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-23 21:22:58 0 d-------- C:\Program Files\The Weather Channel FW<THEWEA~1>
2007-02-23 21:22:55 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\Camfrog
2007-02-23 21:21:24 0 d-------- C:\Program Files\Camfrog
2007-02-19 07:44:32 0 d-------- C:\WINDOWS\pss
2007-02-07 21:20:44 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-07 21:18:36 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-07 21:18:36 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-06 22:40:00 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-06 22:38:37 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-02-06 22:37:52 0 d-------- C:\Program Files\HP
2007-02-06 22:36:42 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2007-02-06 22:36:42 103535 --a------ C:\WINDOWS\hpoins04.dat
2007-02-06 22:36:20 0 d-------- C:\temp
2007-02-06 22:28:26 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-06 22:24:48 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-06 1719 503808 --a------ C:\WINDOWS\system\sxlrt232.dll
2007-01-29 14:22:57 0 d-------- C:\Program Files\Messenger Plus! Live<MESSEN~2>
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-25 12:30:51 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-22 20:31:21 0 d-------- C:\Program Files\Common Files\Command Software<COMMAN~1>
2007-02-22 18:24:04 0 d-------- C:\Program Files\Starcraft<STARCR~1>
2007-02-21 08:29:40 0 d-------- C:\Program Files\Common Files\PestPatrol<PESTPA~1>
2007-02-08 20:30:25 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-07 17:50:27 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-07 17:50:27 88 -r-hs---- C:\WINDOWS\system32\5970888737.sys<597088~1.SYS>
2007-02-07 17:36:28 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\Adobe
2007-02-06 17:08:56 0 d-------- C:\Program Files\Java
2007-02-04 23:16:07 0 d-------- C:\Program Files\XoftSpySE<XOFTSP~1>
2007-01-21 16:09:30 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\AdobeUM
2007-01-20 17:27:41 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-01-20 17:27:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-20 17:25:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-15 21:48:44 0 d---s---- C:\Documents and Settings\John Nicholson\Application Data\Microsoft<MICROS~1>
2007-01-14 14:14:24 34957 --a------ C:\WINDOWS\scunin.dat
2007-01-14 14:14:23 967 --a------ C:\WINDOWS\ScUnin.pif
2007-01-14 14:14:23 70656 --a------ C:\WINDOWS\ScUnin.exe
2007-01-14 14:07:57 0 d-------- C:\Program Files\SPACE INTERNATIONAL<SPACEI~1>
2007-01-13 16:01:12 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-11-27 07:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 07:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"Camfrog"="\"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\CamfrogNet.exe\" 0 C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"ISUSPM Startup"="\"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"D-Link Wireless G WUA-1340"="C:\\Program Files\\D-Link\\Wireless G WUA-1340\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TELUS Security service"="\"C:\\Program Files\\TELUS\\TELUS Security service\\Freedom.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f680f56a-a359-11db-8c1e-0015e9f7bb44}]
Shell\AutoRun\command F:\SETUP.EXE


-- End of ComboScan: finished at 2007-02-25 at 14:50:30 -------------------------


Thank you, Keneth.
Attached Files
File Type: txt Supplementary.txt (10.1 KB, 1 views)
Old 02-25-2007, 11:32 PM   #5 (permalink)
Analyst, Security Team
 
dorts
 
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2


Hello and welcome to TSF


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. Please stay with me until your system has been declared clean.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.



Downloads and others

Please download ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1


Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.


Safe Mode
  • Restart your computer.
  • Before the Windows logo appears, tap F8 repeatedly. In some systems, this may be the F5 key.
  • A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
  • This will take a while longer than usual, so just wait.
  • After it loads, log in on your usual account.

Uninstall

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
  • J2SE Runtime Environment 5.0 Update 6
  • J2SE Runtime Environment 5.0 Update 9
    Do not uninstall J2SE Runtime Environment 5.0 Update 10

Fixes with HijackThis

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)


R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Please remember to close all other windows, including browsers then click Fix checked.


ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


AVG Anti-Spyware

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).



You may now reboot back to normal mode




Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan



Logs

Please post the following logs in your next reply...
  • AVG Anti-Spyware's Log
  • Panda’s Online Scan Log
  • A Fresh New Comboscan Log
__________________




If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.
Old 02-26-2007, 11:19 PM   #6 (permalink)
Registered User
 
MattNicholson
 
Join Date: Nov 2006
Location: Quesnel, British Columbia
Posts: 87
OS: win xp pro, win xp home


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:32:28 PM 26/02/2007

+ Scan result:



C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Lynn Nicholson\My Documents\My Received Files\XoftSpySE.4.29.193-=(E.D)=-SLARZBOY.(osloskop.net).rar/XoftSpySE 4.29.193-=(E.D)=-SLARZBOY\xoftspyse.v4.29.build.193-patch.exe -> Not-A-Virus.Hacktool.Crack : Cleaned.
C:\Program Files\XoftSpySE\xoftspyse.v4.29.build.193-patch.exe -> Not-A-Virus.Hacktool.Crack : Cleaned.
:mozilla.326:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.86:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.110:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.308:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.363:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.116:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.123:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.294:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.295:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.96:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.315:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.316:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.391:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.392:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.393:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.394:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.424:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.270:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.271:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.102:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.103:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.13:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.17:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.18:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.138:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.83:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.47:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.64:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.136:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.296:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.15:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.446:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.327:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.24:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.26:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.56:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.133:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.147:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.97:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.100:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.417:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.418:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.106:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.260:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.340:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.35:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.36:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.38:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.39:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.416:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.60:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.6:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.92:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.93:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.94:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.429:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.145:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.146:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.147:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.155:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.156:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.157:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.432:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.433:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.434:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.435:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.90:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.91:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.92:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.19:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.84:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.378:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.379:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.408:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.409:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.425:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.163:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.164:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.165:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.166:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.87:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.88:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.89:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.90:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.56:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.57:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.85:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.86:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.321:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.63:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.263:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.264:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.265:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.266:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.267:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.268:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.343:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.344:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.345:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.370:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.110:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.111:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.112:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.176:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.177:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.293:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.119:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.22:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.65:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.109:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.110:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.111:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.112:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.113:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.114:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.317:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.318:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.319:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.320:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.90:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.91:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.92:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.93:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.94:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.95:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.101:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.116:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.32:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\Kenton\Application Data\Mozilla\Firefox\Profiles\4k1c6esn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Harry Kroeker\Application Data\Mozilla\Firefox\Profiles\g21it05w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.106:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.107:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.108:C:\Documents and Settings\Lynn Nicholson\Application Data\Mozilla\Firefox\Profiles\m12qt9py.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\MSIMG32.dll
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[server.iad.liveperson.net/hc/30435487]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Nicholson\Application Data\Mozilla\Firefox\Profiles\wl0ohsiu.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Nicholson\Cookies\john_nicholson@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Nicholson\Cookies\john_nicholson@atdmt[2].txt
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx

ComboScan v20070221.16 run by John Nicholson on 2007-02-26 at 22:17:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Nicholson.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:17:44 PM, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\John Nicholson\Desktop\comboscan.exe
C:\Program Files\HijackThis\John Nicholson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8c2021aa3b0a4dec82b10bb769158c7d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8c2021aa3b0a4dec82b10bb769158c7d
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-01-26 and 2007-02-26 ------------------------------

2007-02-26 19:42:40 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-26 19:42:38 0 d-------- C:\WINDOWS\LastGood
2007-02-26 17:54:44 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-26 17:54:42 0 d-------- C:\Program Files\Grisoft
2007-02-25 14:49:53 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-23 21:22:58 0 d-------- C:\Program Files\The Weather Channel FW<THEWEA~1>
2007-02-23 21:22:55 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\Camfrog
2007-02-23 21:21:24 0 d-------- C:\Program Files\Camfrog
2007-02-19 07:44:32 0 d-------- C:\WINDOWS\pss
2007-02-07 21:20:44 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-07 21:18:36 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-07 21:18:36 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-06 22:40:00 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-06 22:38:37 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-02-06 22:37:52 0 d-------- C:\Program Files\HP
2007-02-06 22:36:42 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2007-02-06 22:36:42 103535 --a------ C:\WINDOWS\hpoins04.dat
2007-02-06 22:36:20 0 d-------- C:\temp
2007-02-06 22:28:26 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-06 22:24:48 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-06 1719 503808 --a------ C:\WINDOWS\system\sxlrt232.dll
2007-01-29 14:22:57 0 d-------- C:\Program Files\Messenger Plus! Live<MESSEN~2>
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-26 21:45:30 0 d-------- C:\Program Files\Windows Live Toolbar<WINDOW~4>
2007-02-26 21:44:41 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-26 21:40:23 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-26 21:39:28 0 d-------- C:\Program Files\Common Files\Command Software<COMMAN~1>
2007-02-26 21:39:12 0 d-------- C:\Program Files\BAE
2007-02-26 21:14:17 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-26 19:38:19 0 d-------- C:\Program Files\Java
2007-02-22 18:24:04 0 d-------- C:\Program Files\Starcraft<STARCR~1>
2007-02-21 08:29:40 0 d-------- C:\Program Files\Common Files\PestPatrol<PESTPA~1>
2007-02-07 17:50:27 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-07 17:50:27 88 -r-hs---- C:\WINDOWS\system32\5970888737.sys<597088~1.SYS>
2007-02-07 17:36:28 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\Adobe
2007-02-04 23:16:07 0 d-------- C:\Program Files\XoftSpySE<XOFTSP~1>
2007-01-21 16:09:30 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\AdobeUM
2007-01-20 17:27:41 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-01-20 17:27:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-20 17:25:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-15 21:48:44 0 d---s---- C:\Documents and Settings\John Nicholson\Application Data\Microsoft<MICROS~1>
2007-01-14 14:14:24 34957 --a------ C:\WINDOWS\scunin.dat
2007-01-14 14:14:23 967 --a------ C:\WINDOWS\ScUnin.pif
2007-01-14 14:14:23 70656 --a------ C:\WINDOWS\ScUnin.exe
2007-01-14 14:07:57 0 d-------- C:\Program Files\SPACE INTERNATIONAL<SPACEI~1>
2007-01-13 16:01:12 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-11-27 07:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 07:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LCDPlayer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\LCDPlayer.lnk"
"backup"="C:\\WINDOWS\\pss\\LCDPlayer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SPACEI~1\\CDSPAC~1\\LCDPlyer.exe "
"item"="LCDPlayer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Camfrog Video Chat"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\CamfrogNet.exe\" 0 C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaDetect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AirGCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\D-Link\\Wireless G WUA-1340\\AirGCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLACTRLW"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DesktopWeather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TELUS Security service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Freedom"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TELUS\\TELUS Security service\\Freedom.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-26 at 22:18:05 -------------------------
Old 02-27-2007, 08:27 AM   #7 (permalink)
dorts (Analyst, Security Team)

Hello and welcome back to TSF.


Please download the attached MattNicholson.zip at the bottom of this post. Double click on the zip file and then double click on the file named MattNicholson.reg within it. When prompted, click Yes to allow it to merge into the registry.


Unhide Files

Go to My Computer->Tools->Folder Options->View tab:
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Also make sure there is no checkmark beside Hide file extensions for known file types
  • Click Yes to confirm and then click OK.

File Deletions

Delete the following Files indicated in RED if they still exist.


C:\Program Files\Internet Explorer\MSIMG32.dll
C:\WINDOWS\system32\actskn45.ocx



Online Scan

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Logs

Please post the following logs in your next reply...
  • Kaspersky’s Online Scan Log
  • A Fresh New Comboscan Log
Attached Files
File Type: zip MattNicholson.zip (254 Bytes, 1 views)
Old 02-27-2007, 07:15 PM   #8 (permalink)
MattNicholson (Registered User)

KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 27, 2007 6:13:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/02/2007
Kaspersky Anti-Virus database records: 274483
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 62477
Number of viruses found 2
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 00:48:19

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\John Nicholson\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John Nicholson\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\John Nicholson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John Nicholson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John Nicholson\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Nicholson\Local Settings\History\History.IE5\MSHist012007022720070228\index.dat Object is locked skipped
C:\Documents and Settings\John Nicholson\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\John Nicholson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Nicholson\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John Nicholson\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\John Nicholson\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP152\A0014584.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP154\A0015824.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP154\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

ComboScan v20070221.16 run by John Nicholson on 2007-02-27 at 18:16:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Nicholson.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:16:24 PM, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\John Nicholson\Desktop\comboscan.exe
C:\Program Files\HijackThis\John Nicholson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061002
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8c2021aa3b0a4dec82b10bb769158c7d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8c2021aa3b0a4dec82b10bb769158c7d
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

2007-02-27 15:25:52 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-27 15:25:50 0 d-------- C:\WINDOWS\LastGood
2007-02-26 19:42:40 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-26 17:54:44 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-26 17:54:42 0 d-------- C:\Program Files\Grisoft
2007-02-25 14:49:53 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-23 21:22:58 0 d-------- C:\Program Files\The Weather Channel FW<THEWEA~1>
2007-02-23 21:22:55 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\Camfrog
2007-02-23 21:21:24 0 d-------- C:\Program Files\Camfrog
2007-02-19 07:44:32 0 d-------- C:\WINDOWS\pss
2007-02-07 21:20:44 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-07 21:18:36 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-07 21:18:36 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-06 22:40:00 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-06 22:38:37 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-02-06 22:37:52 0 d-------- C:\Program Files\HP
2007-02-06 22:36:42 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2007-02-06 22:36:42 103535 --a------ C:\WINDOWS\hpoins04.dat
2007-02-06 22:36:20 0 d-------- C:\temp
2007-02-06 22:28:26 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-06 22:24:48 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-06 1719 503808 --a------ C:\WINDOWS\system\sxlrt232.dll
2007-01-29 14:22:57 0 d-------- C:\Program Files\Messenger Plus! Live<MESSEN~2>
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-27 18:14:37 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-26 21:45:30 0 d-------- C:\Program Files\Windows Live Toolbar<WINDOW~4>
2007-02-26 21:44:42 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-26 21:40:23 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-26 21:39:28 0 d-------- C:\Program Files\Common Files\Command Software<COMMAN~1>
2007-02-26 21:39:12 0 d-------- C:\Program Files\BAE
2007-02-26 19:38:19 0 d-------- C:\Program Files\Java
2007-02-22 18:24:04 0 d-------- C:\Program Files\Starcraft<STARCR~1>
2007-02-21 08:29:40 0 d-------- C:\Program Files\Common Files\PestPatrol<PESTPA~1>
2007-02-07 17:50:27 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-07 17:50:27 88 -r-hs---- C:\WINDOWS\system32\5970888737.sys<597088~1.SYS>
2007-02-07 17:36:28 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\Adobe
2007-02-04 23:16:07 0 d-------- C:\Program Files\XoftSpySE<XOFTSP~1>
2007-01-21 16:09:30 0 d-------- C:\Documents and Settings\John Nicholson\Application Data\AdobeUM
2007-01-20 17:27:41 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-01-20 17:27:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-20 17:25:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-15 21:48:44 0 d---s---- C:\Documents and Settings\John Nicholson\Application Data\Microsoft<MICROS~1>
2007-01-14 14:14:24 34957 --a------ C:\WINDOWS\scunin.dat
2007-01-14 14:14:23 967 --a------ C:\WINDOWS\ScUnin.pif
2007-01-14 14:14:23 70656 --a------ C:\WINDOWS\ScUnin.exe
2007-01-14 14:07:57 0 d-------- C:\Program Files\SPACE INTERNATIONAL<SPACEI~1>
2007-01-13 16:01:12 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 14:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 11:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-11-27 07:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 07:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LCDPlayer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\LCDPlayer.lnk"
"backup"="C:\\WINDOWS\\pss\\LCDPlayer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SPACEI~1\\CDSPAC~1\\LCDPlyer.exe "
"item"="LCDPlayer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Camfrog Video Chat"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\CamfrogNet.exe\" 0 C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaDetect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AirGCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\D-Link\\Wireless G WUA-1340\\AirGCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLACTRLW"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DesktopWeather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TELUS Security service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Freedom"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TELUS\\TELUS Security service\\Freedom.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-27 at 18:16:46 -------------------------

Old 02-28-2007, 05:50 AM   #9 (permalink)
Analyst, Security Team
dorts
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

Hello and welcome back to TSF.


You're clean! Do you have any other problems? If not, you are set to go!

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    If you do not have a firewall, here are 4 free ones available for personal use:


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles, as well as a great article written by our fellow Security Analyst, Glaswegian:
PC Safety & Security - What Do I Need?


If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.


Please respond to this thread one more time so we can mark this thread as resolved.

Please also consider donating to TSF to keep this site free for all.
__________________




If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

Old 02-28-2007, 04:17 PM   #10 (permalink)
Registered User
MattNicholson
Join Date: Nov 2006
Location: Quesnel, British Columbia
Posts: 87
OS: win xp pro, win xp home

didn't kaspersky say I had 2 viruses? are they gone?

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

why do I have to delete my restore points?

Which of those firewalls would you recommend most?

Will you keep this thread up so I can refer to it as I download my antivirus/firewall/view the articles etc.?

Thanks so much for your help!

Old 03-01-2007, 01:40 AM   #11 (permalink)
Analyst, Security Team
dorts
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

Yes, Kaspersky found 2 viruses, but they are in the System restore points. So resetting them will delete them.

I see that you already have a firewall. (TELUS Security service Firewall) So please do not install another as it will cause conflicts.

And I'll keep this thread open for a while.

Old 03-01-2007, 04:16 PM   #12 (permalink)
Registered User
MattNicholson
Join Date: Nov 2006
Location: Quesnel, British Columbia
Posts: 87
OS: win xp pro, win xp home

ok my telus security service says it has anti-virus, firewall, & anti-spyware.. And I am running AVG anti-spyware real-time..
Is there anything else I need here?

Old 03-02-2007, 03:58 AM   #13 (permalink)
Analyst, Security Team
dorts
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

Just for your information, AVG Anti-Spyware's real-protection only lasts for 30 days. After that, it will function as a normal scanner but without the real-time protection.

Old 03-02-2007, 04:14 PM   #14 (permalink)
Registered User
MattNicholson
Join Date: Nov 2006
Location: Quesnel, British Columbia
Posts: 87
OS: win xp pro, win xp home

Thank you.. So there isn't anything else I need here if I did have it?
Couldn't I just reinstall AVG?

Last edited by MattNicholson; 03-02-2007 at 04:16 PM.

Old 03-02-2007, 04:57 PM   #15 (permalink)
Analyst, Security Team
dorts
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

Did you install the free software I recommended to you?