Old 02-23-2007, 02:54 PM   #1 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


random pop ups tried spybot and kaspersky still get pop ups

well i get some random pop ups that usually pop up on my IE even when i use firefox. i got one pop up on my firefox. i also uninstalled a couple of programs that i never installed (malware). i used spybot, found like 4 trojans and some tracking cookies. i used kaspersky afterwards and nothing. i think i still have some bits of the malware. so here's my HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 4:54:10 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\unBlackList.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µnBlackList] C:\Program Files\SlySoft\AnyDVD\unBlackList.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
Old 02-26-2007, 02:11 PM   #2 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


also i get this weird message right after my desktop starts up ....here it is:


When I try to explore my PC this message appears.

Microsoft Visual C++ Runtime Library
"Buffer overrun detected!

Program :C:\Windows\Explorer.exe

A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated"

after i click ok my desktop goes blank and i can't click on anything. i'm one hundred percent sure that it was some hacker or/and some trojan ... HELP
and i can't go into my computer properties. but when i turn off my internet everything works

Last edited by MyDingo21; 02-26-2007 at 02:12 PM.
Old 02-26-2007, 04:46 PM   #3 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


omg!!!! i figured this crap out. well spybot ran a test, found smitfraud and virtumonde. i googled around. found a fix for both, vundo fix didn't work so i downloaded vundobegone.exe and it worked, no more problems and ads.
Old 02-28-2007, 06:48 AM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Hello MyDingo21,

As you've recently discovered, running the above tools was not quite enough to rid your system of the infections present. I'll need new scans to determine exactly where we are right now.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
  • Select option #1 - Search by typing 1 and press "Enter"
  • A text file will appear which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

--------------------------------------------------------

Run a new scan with HijackThis and post the log here as well.



**Mod's Note** Closed thread located in XP support "windows cannot find C:windows\system32\rundll32.exe"
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 02-28-2007 at 06:51 AM. Reason: included link to recent thread in XP
Old 02-28-2007, 11:20 AM   #5 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


i did that already... i'll re do it and send a log
Old 02-28-2007, 11:28 AM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


**Please note that I'm asking you to run Option 1 of the tool.**
Old 02-28-2007, 04:11 PM   #7 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


here it is, thanks for the help.



SmitFraudFix v2.144

Scan done at 18:10:39.98, Wed 02/28/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Old 02-28-2007, 06:00 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


I also needed a new scan with HijackThis. Please run another scan and post the fresh log here.
Old 02-28-2007, 06:48 PM   #9 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


Logfile of HijackThis v1.99.1
Scan saved at 8:47:45 PM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\unBlackList.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D8EA31A-1D06-4E70-9AB6-A9531C741D74} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µnBlackList] "C:\Program Files\SlySoft\AnyDVD\unBlackList.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Old 02-28-2007, 08:07 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


We need a deeper look.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - ComboScan.txt <- this one will be maximized and Supplementary.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScanSupplementary.txt
  3. Click Upload.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
ComboScan.txt
an Attached Supplementary.txt
Old 03-01-2007, 11:27 AM   #11 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


ok look i found out that rundll32.exe can actually be copied and work fine. I downloaded the file from the spybot website and it worked. everything seems to work. I don't think i have anything on my pc, but checking doesn't hurt so i'll send the files when i get home from school.
Old 03-01-2007, 05:26 PM   #12 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


results

ok here is the panda scan:




Incident Status Location

Adware:adware/zango Not disinfected Windows Registry
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt[.cs.sexcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt[.adrevolver.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt[.as-us.falkag.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Admin\Cookies\admin@adtech[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Admin\Cookies\admin@questionmarket[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Admin\My Documents\Installations\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Admin\My Documents\Installations\VirtumundoBeGone.exe[²ƒÇ]
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\dvactmxm.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\klqnactq.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\kstosudw.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\mimwsiet.exe.bad
Adware:Adware/PurityScan Not disinfected C:\VundoFix Backups\rqclmhsx.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\tpwnttau.exe.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\VSAdd-in.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\xhjehboj.exe.bad
Adware:Adware/PurityScan Not disinfected C:\VundoFix Backups\xqhfeyxc.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\awtuvst.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\khffdaa.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe



Here is the Comboscan.txt:



ComboScan v20070226.18 run by Admin on 2007-03-01 at 19:16:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Admin.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:16:42 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\unBlackList.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Documents and Settings\Admin\Desktop\comboscan.exe
C:\DOCUME~1\Admin\Desktop\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D8EA31A-1D06-4E70-9AB6-A9531C741D74} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µnBlackList] "C:\Program Files\SlySoft\AnyDVD\unBlackList.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- Files created between 2007-02-01 and 2007-03-01 ------------------------------

2007-03-01 17:22:25 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-01 17:04:49 0 d-------- C:\WINDOWS\LastGood
2007-02-28 18:10:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-28 18:10:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-28 18:10:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-28 18:10:29 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-28 18:10:29 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-28 18:10:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-27 16:55:53 0 d-------- C:\CloneDVDTemp<CLONED~1>
2007-02-27 16:53:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Elaborate Bytes<ELABOR~1>
2007-02-27 16:53:04 0 d-------- C:\Documents and Settings\Admin\Application Data\SlySoft
2007-02-26 1805 1826 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-26 17:57:29 966609 ---hs---- C:\WINDOWS\system32\pqstv.bak1<PQSTV~1.BAK>
2007-02-26 17:42:16 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-26 17:36:08 0 d-------- C:\Program Files\VSAdd-in
2007-02-26 16:49:31 0 d-------- C:\Documents and Settings\Administrator.USER-856C1D9BFD\Application Data\Webroot
2007-02-26 16:47:51 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2007-02-26 16:22:59 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-26 16:22:59 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-26 16:22:59 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-26 16:22:59 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-26 16:21:58 0 d-------- C:\Program Files\Webroot
2007-02-26 16:21:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-02-26 16:19:32 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2007-02-23 17:57:28 0 d-------- C:\Program Files\Sony Setup<SONYSE~1>
2007-02-22 18:20:07 966709 ---hs---- C:\WINDOWS\system32\bbadd.bak1<BBADD~1.BAK>
2007-02-22 17:49:06 281652 --ahs---- C:\WINDOWS\system32\geebb.dll
2007-02-22 17:44:00 26637 --ahs---- C:\WINDOWS\system32\khffdaa.dll
2007-02-19 16:23:55 0 d-------- C:\Program Files\Acoustica Beatcraft<ACOUST~1>
2007-02-19 14:05:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:57 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:55 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\Admin\Application Data\Real
2007-02-19 13:02:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 17:29:46 225280 --a------ C:\WINDOWS\system32\rewire.dll
2007-02-18 17:29:46 0 d-------- C:\Program Files\VstPlugins<VSTPLU~1>
2007-02-18 11:57:05 0 d-------- C:\Documents and Settings\Admin\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 11:56:07 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1>
2007-02-16 18:05:41 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2007-02-16 18:05:21 0 d-------- C:\Program Files\Azureus
2007-02-13 20:52:01 86016 --a------ C:\WINDOWS\unvise32.exe
2007-02-12 19:09:44 0 d-------- C:\Program Files\Avi2Dvd
2007-02-07 17:27:19 0 d-------- C:\My Downloads<MYDOWN~1>
2007-02-04 20:13:26 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-02-04 20:11:27 0 d-------- C:\Program Files\iolo
2007-02-04 19:59:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-02-03 15:14:24 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-03 15:12:49 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-02 21:55:29 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-02-02 21:55:28 217073 --a------ C:\WINDOWS\meta4.exe
2007-02-02 21:55:25 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-02-02 21:55:25 70656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-02-02 21:55:25 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll<AVSRED~1.DLL>
2007-02-02 21:55:23 845312 --a------ C:\WINDOWS\system32\Smab.dll
2007-02-02 21:55:21 0 d-------- C:\WINDOWS\system32\ShellDHCP<SHELLD~1>
2007-02-02 21:55:21 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-02-02 21:30:31 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1>


-- Find3M Report ----------------------------------------------------------------

2007-03-01 18:13:56 0 d-------- C:\Program Files\Yahoo!
2007-03-01 18:13:25 0 d-------- C:\Program Files\XviD
2007-03-01 18:13:15 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-01 18:13:09 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-01 18:12:35 0 d-------- C:\Program Files\SuperTux
2007-03-01 18:10:04 0 d-------- C:\Program Files\SBC Self Support Tool<SBCSEL~1>
2007-03-01 18:09:53 0 d-------- C:\Program Files\Realtek AC97<REALTE~2>
2007-03-01 18:09:38 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-03-01 18:09:38 0 d-------- C:\Program Files\OfficeUpdate11<OFFICE~1>
2007-03-01 18:09:00 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-01 18:04:40 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-03-01 18:04:39 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-01 18:04:36 0 d-------- C:\Program Files\LimeWire
2007-03-01 18:04:23 0 d-------- C:\Program Files\LexmarkX63<LEXMAR~1>
2007-03-01 18:00:49 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-03-01 18:00:35 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-03-01 18:00:34 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1>
2007-03-01 18:00:33 0 d-------- C:\Program Files\DV TS<DVTS~1>
2007-03-01 18:00:27 0 d-------- C:\Program Files\DivX
2007-03-01 18:00:18 0 d-------- C:\Program Files\DAMN NFO Viewer<DAMNNF~1>
2007-03-01 17:56:36 0 d-------- C:\Program Files\Common Files\Motive
2007-03-01 17:55:24 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1>
2007-03-01 17:54:55 0 d-------- C:\Program Files\CCleaner
2007-03-01 17:53:54 0 d-------- C:\Program Files\AvRack
2007-03-01 17:52:38 0 d-------- C:\Program Files\AOD
2007-03-01 17:52:37 0 d-------- C:\Program Files\AIM6
2007-03-01 17:51:20 0 d-------- C:\Program Files\AIM
2007-03-01 17:50:59 0 d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter<ACE-HI~1>
2007-03-01 17:31:37 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller<MSNINS~1>
2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2007-03-01 17:31:05 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2007-03-01 17:30:33 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2007-02-23 16:43:28 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 18:19:23 56314 --a------ C:\Documents and Settings\Admin\Application Data\speech.wav
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-21 19:47:39 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1>
2007-01-21 19:46:31 0 d-------- C:\Program Files\SlySoft
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:38:04 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1>
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-13 14:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µnBlackList"="\"C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\""
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"lxamsp32.exe"="lxamsp32.exe"
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r"
"item"="Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NikeJogaTV"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DRIVES~1"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"inimapping"="0"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="1"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}]
Shell\AutoRun\command G:\LaunchU3.exe -a


-- End of ComboScan: finished at 2007-03-01 at 19:17:19 -------------------------
Attached Files
File Type: txt Supplementary.txt (8.2 KB, 2 views)
MyDingo21 is offline  
Old 03-02-2007, 07:44 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


You still have the Vundo infection present on your system. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

--------------------------------------------------------------------

Disable SpySweeper as it may interfere with the fixes below:

Right click the icon in your task bar and select 'Exit'.

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
VSAdd-in for Internet Explorer


--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {0D8EA31A-1D06-4E70-9AB6-A9531C741D74} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folders

C:\WINDOWS\system32\awtuvst.dll.vir
C:\WINDOWS\system32\khffdaa.dll
C:\Program Files\VSAdd-in
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\geebb.dll


--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

--------------------------------------------------------------------

Run a new scan with ComboScan.exe

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Kaspersky results
New ComboScan.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
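A triage aid for the "Files created" listing posted earlier in this thread, added here as an example (it is not part of Ried's post and not ComboScan's own code). It parses listing lines, flags regular files in system32 that carry both the hidden and system attributes, and compares them with the system32 files named in the delete list above. The reading of the attribute column (letters d, a, h, s), the function names and the hidden+system filter are assumptions made for illustration; the filter is a review heuristic, not a Vundo signature.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines excerpted from the listing in this thread (including one whose
# time field is damaged, to show how unparseable lines are reported).
LISTING = r"""
-- Files created between 2007-02-01 and 2007-03-01 ------------------------------
2007-02-28 18:10:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-26 1805 1826 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-26 17:57:29 966609 ---hs---- C:\WINDOWS\system32\pqstv.bak1<PQSTV~1.BAK>
2007-02-26 17:36:08 0 d-------- C:\Program Files\VSAdd-in
2007-02-22 18:20:07 966709 ---hs---- C:\WINDOWS\system32\bbadd.bak1<BBADD~1.BAK>
2007-02-22 17:49:06 281652 --ahs---- C:\WINDOWS\system32\geebb.dll
2007-02-22 17:44:00 26637 --ahs---- C:\WINDOWS\system32\khffdaa.dll
2007-02-18 17:29:46 225280 --a------ C:\WINDOWS\system32\rewire.dll
2007-01-08 19:38:04 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1>
"""

# system32 file names from the delete list in the post above.
HELPER_DELETE_LIST = ["awtuvst.dll.vir", "khffdaa.dll", "bbadd.bak1", "geebb.dll"]

# date, time, size, 9-character attribute column, path, optional <8.3 name>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[a-z-]{9}) (?P<path>.+?)(?:<(?P<short>[^<>]+)>)?$"
)


@dataclass(frozen=True)
class Entry:
    created: str
    size: int
    attrs: str
    path: PureWindowsPath


def parse_listing(text):
    """Return (entries, skipped); skipped holds lines that did not parse."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("--"):  # blank line or section header
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped.append(line)  # keep for manual review, never drop silently
            continue
        entries.append(Entry(
            created=f"{m['date']} {m['time']}",
            size=int(m["size"]),
            attrs=m["attrs"],
            path=PureWindowsPath(m["path"]),
        ))
    return entries, skipped


def hidden_system_files(entries, directory=r"C:\WINDOWS\system32"):
    """Regular files directly in `directory` with both h and s attributes set."""
    target = PureWindowsPath(directory)  # Windows paths compare case-insensitively
    return [
        e for e in entries
        if "d" not in e.attrs and "h" in e.attrs and "s" in e.attrs
        and e.path.parent == target
    ]


def compare_with_list(flagged, names):
    """Split results into: on the list, flagged only, and listed but not seen."""
    flagged_names = [e.path.name.lower() for e in flagged]
    wanted = [n.lower() for n in names]
    return {
        "on_list": [n for n in flagged_names if n in wanted],
        "flagged_only": [n for n in flagged_names if n not in wanted],
        "list_only": [n for n in wanted if n not in flagged_names],
    }


if __name__ == "__main__":
    entries, skipped = parse_listing(LISTING)
    flagged = hidden_system_files(entries)
    for e in flagged:
        print(f"{e.created}  {e.attrs}  {e.size:>8}  {e.path}")
    print(compare_with_list(flagged, HELPER_DELETE_LIST))
    print("unparsed lines:", skipped)
```

Entries reported under `flagged_only` are candidates for a second look, not confirmed detections; entries under `list_only` were named in the delete list but do not appear in this section of the listing.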
Old 03-02-2007, 06:39 PM   #14 (permalink)
Registered User
 
MyDingo21's Avatar
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


results

ok well i tried to uninstall java update 5+6 in safe mode i got this: "The Windows Installer Service could not be accessed. This can occur if you are running windows in safe mode or if the windows installer is not correctly installed. contact your support personnel for assistance." So i tried to uninstall the VSAdd-in for Internet Explorer and it didn't do anything when i clicked on remove button. So i kept going and did the avgscan then went to normal mode and tried to uninstall java update 5+6 and it worked. i tried to uninstall the VS Add but it's still doing the same thing. I went on and did the online kaspersky scan and deleted what it found to be viruses in the text report file. here's everything:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:16:08 PM 3/2/2007

+ Scan result:



C:\WINDOWS\system32\awtuvst.dll.vir -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\khffdaa.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\browser.exe -> Hijacker.Small : No action taken.
:mozilla.132:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.58:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.135:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.209:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Admarketplace : No action taken.
:mozilla.210:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Admarketplace : No action taken.
:mozilla.109:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.110:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.111:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.112:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.113:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.114:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.139:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.140:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.141:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.142:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.143:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.143:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.143:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.147:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Adrevolver : No action taken.
C:\VundoFix Backups\VSAdd-in.dll.bad -> Trojan.Agent.acl : No action taken.


::Report end

Here's the online Kaspersky scan:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 02, 2007 8:12:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275499
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 39596
Number of viruses found: 5
Number of infected objects: 17 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:15:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Admin\My Documents\Installations\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Admin\My Documents\Installations\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Admin\My Documents\Installations\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Admin\My Documents\Installations\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Admin\My Documents\Installations\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Admin\ntuser.dat Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.reph Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.repi Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.rept Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.reph Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.repi Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.rept Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.reph Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.repi Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.rept Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\applog.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\pktlog.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\seclog.log Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\change.log Object is locked skipped
C:\VundoFix Backups\dvactmxm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\klqnactq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\kstosudw.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mimwsiet.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\rqclmhsx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\VundoFix Backups\tpwnttau.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\VSAdd-in.dll.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xhjehboj.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xqhfeyxc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\awtuvst.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\khffdaa.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Here's the ComboScan txt:



ComboScan v20070226.18 run by Admin on 2007-03-02 at 20:29:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Admin.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:30:01 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\unBlackList.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Admin\Desktop\comboscan.exe
C:\DOCUME~1\Admin\Desktop\Admin.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µnBlackList] "C:\Program Files\SlySoft\AnyDVD\unBlackList.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- Files created between 2007-02-02 and 2007-03-02 ------------------------------

2007-03-02 18:36:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-02 18:36:37 0 d-------- C:\WINDOWS\LastGood
2007-03-02 16:40:27 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 16:40:18 0 d-------- C:\Program Files\Grisoft
2007-02-28 18:10:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-28 18:10:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-28 18:10:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-28 18:10:29 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-28 18:10:29 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-28 18:10:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-27 16:55:53 0 d-------- C:\CloneDVDTemp<CLONED~1>
2007-02-27 16:53:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Elaborate Bytes<ELABOR~1>
2007-02-27 16:53:04 0 d-------- C:\Documents and Settings\Admin\Application Data\SlySoft
2007-02-26 1805 1826 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-26 17:57:29 966609 ---hs---- C:\WINDOWS\system32\pqstv.bak1<PQSTV~1.BAK>
2007-02-26 16:49:31 0 d-------- C:\Documents and Settings\Administrator.USER-856C1D9BFD\Application Data\Webroot
2007-02-26 16:47:51 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2007-02-26 16:22:59 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-26 16:22:59 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-26 16:22:59 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-26 16:22:59 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-26 16:21:58 0 d-------- C:\Program Files\Webroot
2007-02-26 16:21:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-02-26 16:19:32 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2007-02-22 18:20:07 966709 ---hs---- C:\WINDOWS\system32\bbadd.bak1<BBADD~1.BAK>
2007-02-22 17:49:06 281652 --ahs---- C:\WINDOWS\system32\geebb.dll
2007-02-19 16:23:55 0 d-------- C:\Program Files\Acoustica Beatcraft<ACOUST~1>
2007-02-19 14:05:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:57 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:55 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\Admin\Application Data\Real
2007-02-19 13:02:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 17:29:46 225280 --a------ C:\WINDOWS\system32\rewire.dll
2007-02-18 17:29:46 0 d-------- C:\Program Files\VstPlugins<VSTPLU~1>
2007-02-18 11:57:05 0 d-------- C:\Documents and Settings\Admin\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 11:56:07 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1>
2007-02-16 18:05:41 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2007-02-16 18:05:21 0 d-------- C:\Program Files\Azureus
2007-02-13 20:52:01 86016 --a------ C:\WINDOWS\unvise32.exe
2007-02-12 19:09:44 0 d-------- C:\Program Files\Avi2Dvd
2007-02-07 17:27:19 0 d-------- C:\My Downloads<MYDOWN~1>
2007-02-04 20:13:26 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-02-04 19:59:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-02-03 15:14:24 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-03 15:12:49 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-02 21:55:29 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-02-02 21:55:28 217073 --a------ C:\WINDOWS\meta4.exe
2007-02-02 21:55:25 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-02-02 21:55:25 70656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-02-02 21:55:25 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll<AVSRED~1.DLL>
2007-02-02 21:55:23 845312 --a------ C:\WINDOWS\system32\Smab.dll
2007-02-02 21:55:21 0 d-------- C:\WINDOWS\system32\ShellDHCP<SHELLD~1>
2007-02-02 21:55:21 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-02-02 21:30:31 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1>


-- Find3M Report ----------------------------------------------------------------

2007-03-02 18:31:43 0 d-------- C:\Program Files\Java
2007-03-01 18:13:56 0 d-------- C:\Program Files\Yahoo!
2007-03-01 18:13:25 0 d-------- C:\Program Files\XviD
2007-03-01 18:13:15 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-01 18:13:09 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-01 18:12:35 0 d-------- C:\Program Files\SuperTux
2007-03-01 18:10:04 0 d-------- C:\Program Files\SBC Self Support Tool<SBCSEL~1>
2007-03-01 18:09:53 0 d-------- C:\Program Files\Realtek AC97<REALTE~2>
2007-03-01 18:09:38 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-03-01 18:09:38 0 d-------- C:\Program Files\OfficeUpdate11<OFFICE~1>
2007-03-01 18:09:00 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-01 18:04:40 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-03-01 18:04:39 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-01 18:04:36 0 d-------- C:\Program Files\LimeWire
2007-03-01 18:04:25 0 d-------- C:\Program Files\LexmarkX63<LEXMAR~1>
2007-03-01 18:00:49 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-03-01 18:00:35 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-03-01 18:00:34 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1>
2007-03-01 18:00:33 0 d-------- C:\Program Files\DV TS<DVTS~1>
2007-03-01 18:00:27 0 d-------- C:\Program Files\DivX
2007-03-01 18:00:18 0 d-------- C:\Program Files\DAMN NFO Viewer<DAMNNF~1>
2007-03-01 17:56:36 0 d-------- C:\Program Files\Common Files\Motive
2007-03-01 17:55:24 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1>
2007-03-01 17:54:55 0 d-------- C:\Program Files\CCleaner
2007-03-01 17:53:54 0 d-------- C:\Program Files\AvRack
2007-03-01 17:52:38 0 d-------- C:\Program Files\AOD
2007-03-01 17:52:37 0 d-------- C:\Program Files\AIM6
2007-03-01 17:51:20 0 d-------- C:\Program Files\AIM
2007-03-01 17:50:59 0 d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter<ACE-HI~1>
2007-03-01 17:31:37 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller<MSNINS~1>
2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2007-03-01 17:31:05 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2007-03-01 17:30:33 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2007-02-23 16:43:28 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 18:19:23 56314 --a------ C:\Documents and Settings\Admin\Application Data\speech.wav
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-21 19:47:39 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1>
2007-01-21 19:46:31 0 d-------- C:\Program Files\SlySoft
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:38:04 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1>
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-13 14:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µnBlackList"="\"C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\""
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"lxamsp32.exe"="lxamsp32.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

Cannot create file "C:\DOCUME~1\Admin\LOCALS~1\Temp\~lsermgq.tmp\aa.txt". Access is denied

C:\DOCUME~1\Admin\LOCALS~1\Temp\~lsermgq.tmp\aa.txt

Cannot create file "C:\DOCUME~1\Admin\LOCALS~1\Temp\~lsermgq.tmp\aa.txt". Access is denied

C:\DOCUME~1\Admin\LOCALS~1\Temp\~lsermgq.tmp\aa.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r"
"item"="Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NikeJogaTV"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DRIVES~1"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"inimapping"="0"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="1"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}]
Shell\AutoRun\command G:\LaunchU3.exe -a


-- End of ComboScan: finished at 2007-03-02 at 20:31:12 -------------------------



Also, I just got a new Java update. Should I install it now? Is it safe to install update 11?

Last edited by MyDingo21; 03-02-2007 at 06:41 PM.
Old 03-02-2007, 07:13 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Quote:
I went on and did the online Kaspersky scan and deleted what it found to be viruses in the text report file. Here's everything:
When did you run the ComboScan then--before or after you did the deleting of files you saw in Kaspersky?

AVG A-S says 'no action taken'. Did you save the report before you allowed it to Quarantine those?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 03-03-2007, 07:50 AM   #16 (permalink)
Registered User
 
MyDingo21
 


I ran Kaspersky, looked at the infected files and went about deleting them, then I ran the ComboScan after deleting the files. I don't understand the AVG thing; I set it to quarantine and once the scan was complete I simply saved the report, and there it is.
Old 03-03-2007, 08:14 AM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 


Go back to my instructions for running AVG A-S and follow the steps accordingly. After you select 'quarantine', you then need to click 'Apply all Actions' to fix those entries. After you've clicked 'Apply all Actions', then click Save Report.

All those files you said you deleted are showing in the latest ComboScan.txt. After you run AVG A-S, run ComboScan again and post both reports here again please.
Old 03-03-2007, 09:20 AM   #18 (permalink)
Registered User
 
MyDingo21
 


yes

OK, I figured it out right after I posted my comment, thanks anyway. OK, here's the new AVG:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:10:07 AM 3/3/2007

+ Scan result:



C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\A0003292.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{46D322A0-EAC6-45A4-8F05-A822C0EF4FA5}\RP3\A0003294.dll -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned.
:mozilla.132:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.209:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.210:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.109:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.110:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.111:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.112:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.114:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.139:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.142:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.148:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.148:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.154:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.155:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.156:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.64:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.64:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.66:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.66:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.67:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.67:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.64:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.67:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.143:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.6:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.8:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.218:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.38:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.161:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.162:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.163:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.172:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.64:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.65:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.67:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.68:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.69:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.69:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.69:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.70:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.70:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.70:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.71:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.71:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.71:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.71:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.72:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.72:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.72:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.72:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.73:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.74:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.74:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Admin\Cookies\admin@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.23:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.31:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.32:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.72:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.73:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.74:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.78:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.79:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.80:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.81:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.108:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.131:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.132:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-3.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.134:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.135:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.135:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.135:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.136:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.139:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.139:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.161:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.162:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.163:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-11.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.168:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.169:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.170:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-2.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-10.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-8.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.16:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.6:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.6:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.6:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.7:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.7:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.7:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.7:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-4.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-5.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-6.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-7.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-9.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.105:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.106:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.107:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\aruygb33.default\cookies-12.txt -> TrackingCookie.Zedo : Cleaned.


::Report end



Here's the new ComboScan:



ComboScan v20070226.18 run by Admin on 2007-03-03 at 11:17:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Admin.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:17:47 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\unBlackList.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Admin\Desktop\comboscan.exe
C:\DOCUME~1\Admin\Desktop\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Surf the Web at your own risk!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RaidTool] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µnBlackList] "C:\Program Files\SlySoft\AnyDVD\unBlackList.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134841150578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- Files created between 2007-02-03 and 2007-03-03 ------------------------------

2007-03-02 18:36:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-02 16:40:27 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 16:40:18 0 d-------- C:\Program Files\Grisoft
2007-02-28 18:10:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-28 18:10:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-28 18:10:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-28 18:10:29 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-28 18:10:29 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-28 18:10:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-27 16:55:53 0 d-------- C:\CloneDVDTemp<CLONED~1>
2007-02-27 16:53:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Elaborate Bytes<ELABOR~1>
2007-02-27 16:53:04 0 d-------- C:\Documents and Settings\Admin\Application Data\SlySoft
2007-02-26 1805 1826 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-26 17:57:29 966609 ---hs---- C:\WINDOWS\system32\pqstv.bak1<PQSTV~1.BAK>
2007-02-26 16:49:31 0 d-------- C:\Documents and Settings\Administrator.USER-856C1D9BFD\Application Data\Webroot
2007-02-26 16:47:51 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2007-02-26 16:22:59 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-26 16:22:59 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-26 16:22:59 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-26 16:22:59 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-26 16:21:58 0 d-------- C:\Program Files\Webroot
2007-02-26 16:21:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-02-26 16:19:32 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2007-02-22 18:20:07 966709 ---hs---- C:\WINDOWS\system32\bbadd.bak1<BBADD~1.BAK>
2007-02-22 17:49:06 281652 --ahs---- C:\WINDOWS\system32\geebb.dll
2007-02-19 16:23:55 0 d-------- C:\Program Files\Acoustica Beatcraft<ACOUST~1>
2007-02-19 14:05:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:57 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-02-19 14:03:55 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
2007-02-19 14:03:55 0 d-------- C:\Documents and Settings\Admin\Application Data\Real
2007-02-19 13:02:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 17:29:46 225280 --a------ C:\WINDOWS\system32\rewire.dll
2007-02-18 17:29:46 0 d-------- C:\Program Files\VstPlugins<VSTPLU~1>
2007-02-18 11:57:05 0 d-------- C:\Documents and Settings\Admin\Application Data\NCH Swift Sound<NCHSWI~1>
2007-02-18 11:56:07 0 d-------- C:\Program Files\NCH Swift Sound<NCHSWI~1>
2007-02-16 18:05:41 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2007-02-16 18:05:21 0 d-------- C:\Program Files\Azureus
2007-02-13 20:52:01 86016 --a------ C:\WINDOWS\unvise32.exe
2007-02-12 19:09:44 0 d-------- C:\Program Files\Avi2Dvd
2007-02-07 17:27:19 0 d-------- C:\My Downloads<MYDOWN~1>
2007-02-04 20:13:26 126976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-02-04 19:59:32 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-02-03 15:14:24 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-03 15:12:49 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>


-- Find3M Report ----------------------------------------------------------------

2007-03-02 21:19:20 0 d-------- C:\Program Files\Java
2007-03-01 18:13:56 0 d-------- C:\Program Files\Yahoo!
2007-03-01 18:13:25 0 d-------- C:\Program Files\XviD
2007-03-01 18:13:15 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-01 18:13:09 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-01 18:12:35 0 d-------- C:\Program Files\SuperTux
2007-03-01 18:10:04 0 d-------- C:\Program Files\SBC Self Support Tool<SBCSEL~1>
2007-03-01 18:09:53 0 d-------- C:\Program Files\Realtek AC97<REALTE~2>
2007-03-01 18:09:38 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-03-01 18:09:38 0 d-------- C:\Program Files\OfficeUpdate11<OFFICE~1>
2007-03-01 18:09:00 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-01 18:04:40 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-03-01 18:04:39 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-01 18:04:36 0 d-------- C:\Program Files\LimeWire
2007-03-01 18:04:25 0 d-------- C:\Program Files\LexmarkX63<LEXMAR~1>
2007-03-01 18:00:49 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-03-01 18:00:35 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-03-01 18:00:34 0 d-------- C:\Program Files\DVD Decrypter<DVDDEC~1>
2007-03-01 18:00:33 0 d-------- C:\Program Files\DV TS<DVTS~1>
2007-03-01 18:00:27 0 d-------- C:\Program Files\DivX
2007-03-01 18:00:18 0 d-------- C:\Program Files\DAMN NFO Viewer<DAMNNF~1>
2007-03-01 17:56:36 0 d-------- C:\Program Files\Common Files\Motive
2007-03-01 17:55:24 0 d-------- C:\Program Files\Common Files\Kaspersky Lab<KASPER~1>
2007-03-01 17:54:55 0 d-------- C:\Program Files\CCleaner
2007-03-01 17:53:54 0 d-------- C:\Program Files\AvRack
2007-03-01 17:53:53 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-01 17:52:38 0 d-------- C:\Program Files\AOD
2007-03-01 17:52:37 0 d-------- C:\Program Files\AIM6
2007-03-01 17:51:20 0 d-------- C:\Program Files\AIM
2007-03-01 17:50:59 0 d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter<ACE-HI~1>
2007-03-01 17:31:37 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller<MSNINS~1>
2007-03-01 17:31:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2007-03-01 17:31:05 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2007-03-01 17:30:33 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2007-02-23 16:43:28 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 18:19:23 56314 --a------ C:\Documents and Settings\Admin\Application Data\speech.wav
2007-02-02 21:30:31 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1>
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-21 19:47:39 0 d-------- C:\Program Files\Elaborate Bytes<ELABOR~1>
2007-01-21 19:46:31 0 d-------- C:\Program Files\SlySoft
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:38:04 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1>
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-13 14:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2006-12-12 14:15:08 845312 --a------ C:\WINDOWS\system32\Smab.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µnBlackList"="\"C:\\Program Files\\SlySoft\\AnyDVD\\unBlackList.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RaidTool"="\"C:\\Program Files\\VIA\\RAID\\raid_tool.exe\""
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"lxamsp32.exe"="lxamsp32.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ArcSoft\\MEDIAC~1\\MCCMON~1.EXE -r"
"item"="Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mavenapp://maven.net/nike/jogatv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NikeJogaTV"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DRIVES~1"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"inimapping"="0"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="1"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac442ae2-864e-11db-82f5-00508d79493f}]
Shell\AutoRun\command G:\LaunchU3.exe -a


-- End of ComboScan: finished at 2007-03-03 at 11:18:39 -------------------------
Old 03-03-2007, 08:16 PM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,972
OS: WinXP and Vista


Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

It's important that you don't do any 'fixing' on your end in between replies.

--------------------------------------------------------------------

Download the attached mydingo.zip file to your desktop. Do not run it yet.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Delete the following files:

C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\bbadd.bak1

--------------------------------------------------------------------

Double click on the mydingo.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.

--------------------------------------------------------------------


Open HijackThis. Click on Open the Misc Tools Section.
  • On the screen, click on "Delete a file on reboot...".
  • Navigate to C:\WINDOWS\system32\geebb.dll and double click on that file.
  • HJT will ask you if you want to reboot now. Click "Yes".

--------------------------------------------------------------------

Run another online scan at Kaspersky and save the report.

--------------------------------------------------------------------

Run another scan with ComboScan.exe

--------------------------------------------------------------------

Include the following in your next reply:

Kaspersky results
New ComboScan.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 04-19-2007 at 10:28 PM.
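
An added example, not part of Ried's post or of HijackThis: on NT-family Windows, file operations deferred to the next boot are recorded in the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`. Assuming HijackThis's "Delete a file on reboot" relies on that mechanism, this Python code parses the raw REG_MULTI_SZ data and confirms that the DLL named above is queued for deletion; the function names and the sample bytes are constructed for illustration.

```python
NT_PREFIX = "\\??\\"


def _strip(path):
    # Entries are NT object paths such as \??\C:\WINDOWS\x.dll
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw):
    """Return [(action, source, destination)] from raw REG_MULTI_SZ bytes.

    The value stores UTF-16LE strings in pairs: a source path followed by a
    destination. An empty destination means "delete source at next boot";
    a leading "!" on the destination means "replace an existing file".
    """
    fields = raw.decode("utf-16-le").split("\0")
    ops, i = [], 0
    while i < len(fields):
        src = fields[i]
        if not src:                 # list terminator or padding, not a pair
            i += 1
            continue
        dst = fields[i + 1] if i + 1 < len(fields) else ""
        replace = dst.startswith("!")
        dst = _strip(dst.lstrip("!"))
        if not dst:
            ops.append(("delete", _strip(src), None))
        else:
            ops.append(("replace" if replace else "rename", _strip(src), dst))
        i += 2
    return ops


def queued_for_delete(ops, path):
    # Windows paths compare case-insensitively.
    return any(a == "delete" and s.lower() == path.lower() for a, s, _ in ops)


def _multi_sz(*strings):
    # Builds the stored layout for the constructed sample below.
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


# Constructed sample: the DLL named in the post queued for deletion, plus an
# unrelated, made-up installer rename that is also waiting for the reboot.
SAMPLE = _multi_sz(
    "\\??\\C:\\WINDOWS\\system32\\geebb.dll", "",
    "\\??\\C:\\Temp\\setup.tmp", "!\\??\\C:\\Program Files\\Example\\app.dll",
)
```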
Old 03-04-2007, 09:42 AM   #20 (permalink)
Registered User
 
MyDingo21
 
Join Date: Jan 2006
Location: Chi- city
Posts: 91
OS: XP pro sp2


I'll get around to it later today, sorry. I worked yesterday and I got a project to do for school today... I'll get to it soon. Thanks.