Old 06-24-2007, 11:36 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


System is Infected - Highly I Fear

Hi, first post here even though I have been watching for help with my problem, I haven't seen anything specific to it.

I have a few issues going on with the system. I run only Norton for both anti-virus and spyware. After a recommendation from a friend I downloaded Spybot Search and Destroy; it detected 166 problems and fixed all but one that was called "My Way - My Web Search" which had 41 entries to it. After that I downloaded Lavasoft's program Ad-Aware and found no critical objects but 58 items in Privacy and it removed 14 infections.

Also when I start up my system a small window comes up with "Windows Installer" and another "Instant Share". The only way to get these to stop is to do a Ctrl Alt Delete.

Yes, the system runs quite slow! Think I see why. I do not know how to run a log file for you to review so will need help.

Thank you for any assistance you can give me.
Wolfdog is offline  
Old 06-24-2007, 06:20 PM   #2 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,641
OS: XP Pro, Vista, Ubuntu 8.10


Re: System is Infected - Highly I Fear

Please follow the instructions in MicroBell's 5 Step Process found here
There are detailed instructions on how to create the needed log(s).

Then reply to this post with the requested log(s) and an Analyst will be along to review the log(s) as soon as possible.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Old 06-25-2007, 05:59 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


Re: System is Infected - Highly I Fear

Sorry, I was so anxious for help I failed to read your directions. I have completed the 5 steps - except #1 - Panda Active Scan would not start, even though I did have the pop ups set to off. Attached are the requested log files except the Panda one.

I failed to mention - I am a Netscape user and rarely use Explorer; on occasion other members of the family will use Explorer.

Deckard's System Scanner v20070611.50
Run by Tom on 2007-06-25 at 07:40:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
40: 2007-06-25 11:40:36 UTC - RP876 - Deckard's System Scanner Restore Point
39: 2007-06-25 11:34:45 UTC - RP875 - Software Distribution Service 3.0
38: 2007-06-24 17:08:50 UTC - RP874 - Removed J2SE Runtime Environment 5.0 Update 9
37: 2007-06-24 17:07:14 UTC - RP873 - Removed J2SE Runtime Environment 5.0 Update 11
36: 2007-06-24 17:05:20 UTC - RP872 - Removed J2SE Runtime Environment 5.0 Update 10


-- First Restore Point --
1: 2007-04-01 19:19:36 UTC - RP837 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-25 07:47:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hardware\Mouse\Amoumain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Hardware\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\digital imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Download Files\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R3 Amps2prt (Compatible PS/2 Port Mouse Driver) - c:\windows\system32\drivers\amps2prt.sys <Not Verified; (Standard Mouse Types); iWheelWorks Mouse Driver>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe

S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-24 21:47:01 312 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2007-06-24 21:00:00 526 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Tom.job
2007-06-24 14:00:00 524 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Tom.job
2007-06-24 09:47:04 448 --a------ C:\WINDOWS\Tasks\WebReg 20050625094755.job


-- Files created between 2007-05-25 and 2007-06-25 -----------------------------

2007-06-25 07:35:00 0 d-------- C:\WINDOWS\LastGood
2007-06-25 07:24:51 0 d-------- C:\Program Files\SpywareBlaster
2007-06-24 11:15:35 0 d-------- C:\Program Files\Lavasoft
2007-06-24 11:15:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-06-24 11:13:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-24 10:32:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-06-20 09:51:03 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-06-04 15:18:48 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
2007-06-04 15:17:02 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
2007-06-04 15:14:56 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>


-- Find3M Report ---------------------------------------------------------------

2007-06-24 21:57:33 12805 --a------ C:\WINDOWS\mozver.dat
2007-06-24 13:09:17 0 d-------- C:\Program Files\Java
2007-06-17 18:54:51 0 d-------- C:\Program Files\Norton AntiVirus
2007-06-17 18:54:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-17 18:41:03 0 d-------- C:\Program Files\Symantec
2007-05-08 11:34:58 1901 --a----c- C:\WINDOWS\panose.bin
2007-05-02 20:13:37 0 d-------- C:\Program Files\HP
2007-04-13 15:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton AntiVirus\NavShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WheelMouse"="C:\\PROGRA~1\\Hardware\\Mouse\\Amoumain.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"S3TRAY2"="S3tray2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LyraHD2TrayApp"="\"C:\\Program Files\\Thomson\\Lyra Jukebox\\LyraHDTrayApp\\LYRAHD2TrayApp.exe\""
"iKeyWorks"="C:\\PROGRA~1\\Hardware\\Keyboard\\Ikeymain.exe"
"HPHUPD06"="C:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-25 at 07:49:49 ---------

Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) Processor
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 503.55 MiB / 368.54 MiB
Pagefile Memory (total/avail): 1229.37 MiB / 843.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1967.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 9.2 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec)
AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tom\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-MAZZA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tom
LOGONSERVER=\\HOME-MAZZA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Tom\LOCALS~1\Temp
TMP=C:\DOCUME~1\Tom\LOCALS~1\Temp
USERDOMAIN=HOME-MAZZA
USERNAME=Tom
USERPROFILE=C:\Documents and Settings\Tom
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tom (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNMIX.exe /UNINSTALL
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{46AC899A-9ECB-43DC-85DE-272E0D116A1E}
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000704}
Adobe PageMaker 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0\Uninst.dll"
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
DVD X Copy Platinum 4.0.3 --> "C:\Program Files\321Studios\Platinum\uninstall.exe"
DVD X Rescue --> C:\PROGRA~1\321STU~1\DVDXRE~1\UNWISE.EXE C:\PROGRA~1\321STU~1\DVDXRE~1\INSTALL.LOG
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HP Image Zone 4.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart 7400 Series --> rundll32 hpzcon11.dll,VendorJettison HP Photosmart 7400 Series
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
iKeyWorks 6.16 --> C:\Program Files\Hardware\Keyboard\Uninst32.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iWheelWorks V7.42 --> C:\Program Files\Hardware\Mouse\Uninst32.exe
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KONICA MINOLTA PagePro 1350W --> MUINST_Q.EXE /PRN:"KONICA MINOLTA PagePro 1350W"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lyra Jukebox Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3374B4A6-5595-4667-882D-755ABE093806}\setup.exe" -l0x9
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MP3 Player Utilities 4.07 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
Netscape (7.0) --> C:\WINDOWS\NSUninst.exe /ua "7.0 (en)"
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
QuickBooks Pro Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken 2003 Premier Home & Business --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2A3E87C5-ED9D-427F-9E0F-C06E8EAD6351} anything
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
StompSoft Registry Repair 2005 --> C:\PROGRA~1\STOMPS~1\REGIST~1\UNWISE.EXE C:\PROGRA~1\STOMPS~1\REGIST~1\INSTALL.LOG
Street Maps USA --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\Street Maps\DeIsL1.isu" -c"C:\Program Files\Cosmi\Street Maps\_ISREG32.DLL"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Yahoo! extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-06-25 at 07:49:49 ---------
Wolfdog is offline  
Old 06-26-2007, 11:45 AM   #4 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


Re: Sytem is Infected - Highly I Fear

BUMP - It's been 2 days and I haven't heard back since I posted log.
Old 06-27-2007, 04:28 AM   #5 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


Re: Sytem is Infected - Highly I Fear

BUMP

Or should I start the post over?
Old 06-27-2007, 03:01 PM   #6 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,641
OS: XP Pro, Vista, Ubuntu 8.10


Re: Sytem is Infected - Highly I Fear

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Old 06-27-2007, 09:02 PM   #7 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,641
OS: XP Pro, Vista, Ubuntu 8.10


Re: Sytem is Infected - Highly I Fear

Hello again

Please print out or save the following instructions in Notepad. Please also stay with me until I declare you clean.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

==================

Downloads

Please download Cleanup! and install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.

-------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows Installation Files"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do Not Automatically generate report after every scan"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

==================

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

==================

Reboot

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

=================

Click > Start > Control Panel > Add / Remove Programs and uninstall the following program:

Viewpoint Media Player

=================

Open HijackThis and click on 'Do a System Scan Only'. Check the following entry (If it still exists)

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB

Please remember to close all other windows, including browsers then click Fix checked.


=================

Delete the following Folder indicated in BLUE if it still exists.

C:\Program Files\Viewpoint

=================

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program.
Do NOT reboot/logoff when prompted.

=================

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

=================

Reboot

Reboot your system in Normal Mode.

=================

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

=================

Please run Deckard's System Scanner again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config
Tick Extra Log and Add/Remove

Click Scan!
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  • Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

==================

Please provide the following logs with your next post:

AVG Anti-Spyware report
Kaspersky report
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt <----Attached

Also include an update on how your system is running
Old 06-28-2007, 04:57 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


Re: Sytem is Infected - Highly I Fear

HI:
I have followed the steps completely and am now at the Kaspersky Online Scanner - it seems to be stuck - it has run for 25 minutes and says only 2% complete. I tried starting it over and went to 14 with the same issue.

Since it took over 2 hours to run the AVG, I stopped it. I have a lot of programs and files on this computer (obviously)

Should I continue to the Deckard System Scanner? Didn't want to proceed until asked since you stated it was important to follow the steps as outlined and the Kaspersky is one of the reports I needed to post.

Waiting for further instructions.
Old 06-29-2007, 06:02 PM   #9 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,641
OS: XP Pro, Vista, Ubuntu 8.10


Re: Sytem is Infected - Highly I Fear

I should have warned you, AVG will take a long time to scan if you have more than one HDD and you also have a high volume of files. You must be patient and let it run, as it will help the cleaning of your system. Please try AVG again, in safe mode, skip running Kaspersky for now, then run Deckard System Scanner as previously instructed.
Old 06-29-2007, 06:44 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


Re: Sytem is Infected - Highly I Fear

I had completed the AVG scan - it just took 2 hours that is why I wondered how long the Kaspersky one would really take. So attached is the results of the AVG and DSS scans.

Thanks for your help.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:58:03 PM 6/28/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-686cd5c0-442e88e4.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-686cd5c0-442e88e4.zip/SuperMSClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
:mozilla.227:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.119:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.54:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.55:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.462:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.58:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.195:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.62:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.12:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\kzw983dl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.14:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\kzw983dl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.20:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\kzw983dl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.425:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.426:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.427:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.428:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.122:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.410:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.411:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.412:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.42:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.744:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.745:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.746:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.747:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.856:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.857:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.858:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.859:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.860:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.861:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.862:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.863:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.773:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.775:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.776:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.777:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.778:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.16:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.23:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\kzw983dl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.24:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\kzw983dl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.25:C:\Documents and Settings\LocalService\Application Data\Netscape\NSB\Profiles\kzw983dl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.27:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.28:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.503:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.504:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.505:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.86:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.87:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.88:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.89:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.90:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.91:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.134:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.135:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.136:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.137:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.139:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.140:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.141:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.142:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.143:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.144:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.145:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.146:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.147:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.148:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.149:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.150:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.151:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.152:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.158:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.160:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.161:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.162:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.163:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.164:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.165:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.168:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.169:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.170:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.171:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.172:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.173:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.174:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.176:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.177:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.178:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.179:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.180:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.181:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.183:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.640:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.641:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.642:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.643:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.644:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.645:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.646:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.647:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.648:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.649:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.650:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.651:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.652:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.653:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.654:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.655:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.656:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.657:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.658:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.659:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.660:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.661:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.105:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.106:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.107:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.116:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.20:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.444:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.445:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.446:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.447:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.448:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.449:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.450:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.451:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.452:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.453:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.454:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.259:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.260:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.261:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.262:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.263:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.264:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.265:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.266:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.267:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.31:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.23:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.24:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.25:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.26:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.27:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.28:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.29:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.30:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.678:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.41:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.43:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.46:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.78:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.79:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.80:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.81:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.82:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.83:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.84:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.85:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.455:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.102:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.103:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.104:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.105:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.26:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.27:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.28:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.29:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.31:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.32:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.63:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.100:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.10:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.11:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.12:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.13:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.14:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom\Mozilla\Profiles\default\2kv0gnvx.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.37:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.38:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.39:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.40:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.41:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.42:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.43:C:\Documents and Settings\Tom\Application Data\Netscape\NSB\Profiles\ydl0syy7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.56:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.57:C:\Documents and Settings\Tom\Desktop\mazza5-12\Tom.TOM-G4NOWAH7XLT\Mozilla\Profiles\default\432o0zn6.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\32\68608760-7729613f/Dex.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\32\68608760-7729613f/Dix.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\32\68608760-7729613f/Dux.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4f071e52-2f26ffbf.zip/Dex.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4f071e52-2f26ffbf.zip/Dix.class -> Trojan.ClassLoader.g : Cleaned.
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-4f071e52-2f26ffbf.zip/Dux.class -> Trojan.ClassLoader.g : Cleaned.


::Report end



Deckard's System Scanner v20070611.50
Run by Tom on 2007-06-29 at 20:38:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Tom.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:38:40 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Tom\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Tom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.northjersey.com/"); (C:\Documents and Settings\Tom\Application Data\Mozilla\Profiles\default\85k53p7p.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tom\Application Data\Mozilla\Profiles\default\85k53p7p.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-05-29 and 2007-06-29 -----------------------------

2007-06-28 18:13:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-06-28 18:13:04 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-28 08:26:40 0 d-------- C:\Documents and Settings\Tom\Application Data\Grisoft
2007-06-28 08:25:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-25 07:24:51 0 d-------- C:\Program Files\SpywareBlaster
2007-06-24 10:32:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-06-20 09:51:03 0 d-------- C:\WINDOWS\SxsCaPendDel


-- Find3M Report ---------------------------------------------------------------

2007-06-29 19:12:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-29 18:18:19 12805 --a------ C:\WINDOWS\mozver.dat
2007-06-24 13:09:17 0 d-------- C:\Program Files\Java
2007-06-17 18:54:51 0 d-------- C:\Program Files\Norton AntiVirus
2007-06-17 18:41:03 0 d-------- C:\Program Files\Symantec
2007-05-08 11:34:58 1901 --a----c- C:\WINDOWS\panose.bin
2007-05-02 20:13:37 0 d-------- C:\Program Files\HP


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton AntiVirus\NavShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WheelMouse"="C:\\PROGRA~1\\Hardware\\Mouse\\Amoumain.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"S3TRAY2"="S3tray2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LyraHD2TrayApp"="\"C:\\Program Files\\Thomson\\Lyra Jukebox\\LyraHDTrayApp\\LYRAHD2TrayApp.exe\""
"iKeyWorks"="C:\\PROGRA~1\\Hardware\\Keyboard\\Ikeymain.exe"
"HPHUPD06"="C:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-29 at 20:39:11 ---------
Wolfdog is offline  
Old 06-29-2007, 07:41 PM   #11 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,641
OS: XP Pro, Vista, Ubuntu 8.10


Re: Sytem is Infected - Highly I Fear

Was an extra.txt created when you ran DSS.exe? It should be located here:
C:\Deckard\System Scanner\extra.txt

Please attach it here.

To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Old 06-29-2007, 08:07 PM   #12 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


Re: Sytem is Infected - Highly I Fear

Sorry it didn't make an extra one this time. The only one at that location is dated 6/25/07 which is the first one posted.

Should I redo the DSS?
Wolfdog is offline  
Old 06-30-2007, 05:07 AM   #13 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,641
OS: XP Pro, Vista, Ubuntu 8.10


Re: Sytem is Infected - Highly I Fear

Hello

Clear Java Cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK in the Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings Window
  • Click OK to leave the Java Control Panel.

=================

Establish an internet connection with Internet Explorer and go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply.

Please be patient with this scan as it could take some time to run.


How is your system running?
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Old 06-30-2007, 10:43 AM   #14 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


Re: Sytem is Infected - Highly I Fear

You're right, it took a while!!! Once completed I had a message at the top - that said "This computer is still infected". This report was saved in HTML, hope that was correct.

The system is running much faster in surfing. I haven't rebooted so should the Instant Share and Windows Installer be deleted? I will check once I send this report and let you know.

Thanks for all your help - I am now understanding we are highly infected. Will await further instructions.





BitDefender Online Scanner
Scan report generated at: Sat, Jun 30, 2007 - 12:23:37
Scan path: A:\;C:\;E:\;F:\;

Statistics
Time 03:25:24
Files 332606
Folders 5963
Boot Sectors 2
Archives 49828
Packed Files 9945

Results
Identified Viruses 7
Infected Files 25
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 41

Engines Info
Virus Definitions 636067
Engine build AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes



Scanned File

Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28D74F15.wmf=>(Quarantine-2)

Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28D74F15.wmf=>(Quarantine-2)

Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28D74F15.wmf=>(Quarantine-2)

Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\350A1038.tmp=>(Quarantine-2)

Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\350A1038.tmp=>(Quarantine-2)

Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\350A1038.tmp=>(Quarantine-2)

Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3521361F.tmp=>(Quarantine-2)

Infected with: Trojan.Java.ClassLoader.D

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3521361F.tmp=>(Quarantine-2)

Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3521361F.tmp=>(Quarantine-2)

Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3524601C.tmp=>(Quarantine-2)

Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3524601C.tmp=>(Quarantine-2)

Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3524601C.tmp=>(Quarantine-2)

Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36711AAD.tmp=>(Quarantine-2)

Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36711AAD.tmp=>(Quarantine-2)

Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36711AAD.tmp=>(Quarantine-2)

Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36786EA6.tmp=>(Quarantine-2)

Infected with: Trojan.Java.ClassLoader.D

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36786EA6.tmp=>(Quarantine-2)

Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36786EA6.tmp=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\367B18A2.tmp=>(Quarantine-2)


Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\367B18A2.tmp=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\367B18A2.tmp=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36956886.tmp=>(Quarantine-2)


Infected with: Trojan.Exploit.ByteVerify.L

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36956886.tmp=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36956886.tmp=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>BaaaaBaa.class


Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>BaaaaBaa.class


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>BaaaaBaa.class


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)


Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>VaaaaaaaBaa.class


Infected with: Trojan.Java.ClassLoader.D

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>VaaaaaaaBaa.class


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>VaaaaaaaBaa.class


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)


Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dvnny.class


Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dvnny.class


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dvnny.class


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)


Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Baaaaa.class


Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Baaaaa.class


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Baaaaa.class


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)


Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dix.class


Infected with: Trojan.Java.ClassLoader.D

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dix.class


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dix.class


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)


Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dux.class


Infected with: Trojan.Java.ClassLoader.D

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dux.class


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)=>Dux.class


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00=>(Quarantine-2)


Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD67E00


Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DC66280.tmp=>(Quarantine-2)


Infected with: Trojan.Exploit.ByteVerify.L

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DC66280.tmp=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DC66280.tmp=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55333BFF.wmf=>(Quarantine-2)


Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55333BFF.wmf=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55333BFF.wmf=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7227E5.wmf=>(Quarantine-2)


Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7227E5.wmf=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7227E5.wmf=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C026A5A.wmf=>(Quarantine-2)


Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C026A5A.wmf=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C026A5A.wmf=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\655E510F.wmf=>(Quarantine-2)


Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\655E510F.wmf=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\655E510F.wmf=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B7B707E.wmf=>(Quarantine-2)


Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B7B707E.wmf=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B7B707E.wmf=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78036471.wmf=>(Quarantine-2)


Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78036471.wmf=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78036471.wmf=>(Quarantine-2)


Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78AC6661.wmf=>(Quarantine-2)


Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78AC6661.wmf=>(Quarantine-2)


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78AC6661.wmf=>(Quarantine-2)


Deleted

C:\Documents and Settings\Tom\Desktop\mazza5-12\FunBuddyIconsSetup2.0.3.7.exe


Infected with: Trojan.Muldrop.1326.V

C:\Documents and Settings\Tom\Desktop\mazza5-12\FunBuddyIconsSetup2.0.3.7.exe


Disinfection failed

C:\Documents and Settings\Tom\Desktop\mazza5-12\FunBuddyIconsSetup2.0.3.7.exe


Deleted

C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP867\A0090738.DLL


Detected with: Application.Adware.Funweb.A

C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP867\A0090738.DLL


Disinfection failed

C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP867\A0090738.DLL


Deleted

C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP881\A0091991.exe


Infected with: Trojan.Muldrop.1326.V

C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP881\A0091991.exe


Disinfection failed

C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP881\A0091991.exe


Deleted
Wolfdog is offline  
Old 07-01-2007, 07:26 AM   #15 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,641
OS: XP Pro, Vista, Ubuntu 8.10


Re: Sytem is Infected - Highly I Fear

Hello

According to your BitDefender log, it does not look bad. Almost everything was found in Norton AntiVirus's Quarantine and in your System Restore, which is easily fixed. Besides that, your logs are clean.

=============

Empty Norton Quarantine Folder

1. Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.
2. Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents.
3. Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.
4. Select the item you wish to remove and click on the red 'X' icon to delete it.
5. This will open the 'Take Action' window. Click the 'Start Delete' button to remove the infected file from your computer.
6. Repeat for any other quarantined files.
7. When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window.

=============

Please re-enable TeaTimer now that you are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Check the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

=============

Flush the System Restore Points

To turn off System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

Turn on System Restore by clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply, and then OK.

This will create a new Restore Point.

================

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

=================================================

This is a good time to set up protection against further attacks. Read TonyKlein's "How Did I Get Infected In The First Place?" You need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real-time spyware program such as Spyware Guard, to prevent spyware intrusions. IE-Spyad is another excellent program that places over 4000 websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. All of the above have good free versions available. However, be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

More information and downloads are available at the following links:

Spyware Blaster

Spyware Guard
IE-Spyad

================

If you want to fight back against the malware writers that have made your life a misery, please take a look here and read what you can do against it.

================

Please respond to this thread one more time so we can mark this thread as Resolved.

================

If you are still having problems with windows popping up for Windows Installer and Instant Share after rebooting then please start a new thread in the Windows XP Support Forum. Let them know that you have been cleaned from any signs of malware here and provide them a link to this thread.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
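The reading of the scan log given in the post above (hits sitting in Norton's quarantine or in System Restore rather than in live files) can be checked mechanically. This Python sketch is an added example, not part of the thread or of any BitDefender tool; it assumes the path-then-status layout seen in the posted log, and the function names and location labels are made up for illustration.

```python
import re

# Excerpt of the scan log above (path, then status); blank lines dropped.
SAMPLE = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55333BFF.wmf=>(Quarantine-2)
Infected with: Exploit.Win32.WMF-PFV
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55333BFF.wmf=>(Quarantine-2)
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55333BFF.wmf=>(Quarantine-2)
Deleted
C:\Documents and Settings\Tom\Desktop\mazza5-12\FunBuddyIconsSetup2.0.3.7.exe
Infected with: Trojan.Muldrop.1326.V
C:\Documents and Settings\Tom\Desktop\mazza5-12\FunBuddyIconsSetup2.0.3.7.exe
Disinfection failed
C:\Documents and Settings\Tom\Desktop\mazza5-12\FunBuddyIconsSetup2.0.3.7.exe
Deleted
C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP867\A0090738.DLL
Detected with: Application.Adware.Funweb.A
C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP867\A0090738.DLL
Disinfection failed
C:\System Volume Information\_restore{9CCE0FF9-EEC1-4CE7-810A-FB6FA4374649}\RP867\A0090738.DLL
Deleted
"""
DETECT = re.compile(r"^(?:Infected|Detected) with: (.+)$")

def location(path):
    """Classify where a flagged object sits on disk (labels are hypothetical)."""
    p = path.lower()
    if "\\norton antivirus\\quarantine\\" in p:
        return "av_quarantine"    # file held inside the other scanner's quarantine
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # copy preserved inside a restore point
    return "live"

def triage(log):
    """Map each detected path to its detection name, location and fate."""
    found, path = {}, None
    for line in filter(None, map(str.strip, log.splitlines())):
        if re.match(r"[A-Za-z]:\\", line):
            path = line                      # object the next status refers to
        elif (m := DETECT.match(line)) and path:
            found[path] = {"name": m.group(1),
                           "location": location(path), "deleted": False}
        elif line == "Deleted" and path in found:
            found[path]["deleted"] = True
    return found

def remaining(log):
    """Paths that were flagged but never reported as Deleted."""
    return [p for p, d in triage(log).items() if not d["deleted"]]
```

An empty result from `remaining()` means every flagged object in the parsed text was later reported as deleted; anything it returns is what still needs manual follow-up.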
Old 07-03-2007, 10:08 AM   #16 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 9
OS: XP


Re: Sytem is Infected - Highly I Fear

THANK YOU for all the help. The system is running much smoother.

The instant share is still popping up when I log on; I will contact the XP experts.

Thanks again for all your fine work at this site.
Wolfdog is offline  
Old 07-03-2007, 10:19 AM   #17 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,641
OS: XP Pro, Vista, Ubuntu 8.10


Re: Sytem is Infected - Highly I Fear

You are welcome.

I am sure the techs over at Windows XP Support Forum will be able to help you.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  

All times are GMT -7. The time now is 07:03 PM.



Copyright 2001 - 2009, Tech Support Forum