Lots of issues

subzerolife · 10-10-2007, 09:27 PM

I have spyware and viruses that just wont go away, and i`m finally looking for help on the issues.

I currently run Ad-Aware, Spybot Search and Destroy, and because my license on AVG ran out and I don`t have the cash to buy a new one, i`ve been using Avira AntiVir for an antivirus. All of these are fully updated, as well.

I use XP Service Pack 2. I would have used the Panda scan but the page "Scan your PC now" linked to was blank.

I am currently doing a dss scan, but it its taking a while, so I will post the results in the morning,

Here is my HijackThis log. Any help would be appreciated :) I know this is all people giving up their free time to help others out. By the way, I do not know why there are like 3 winzips running, I see no indication of them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:36 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Larry.LARCOMP\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll
O2 - BHO: (no name) - {3C1F6EAF-612B-478F-BF2D-6ABD825905A8} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RoamMfcdLiesThis] C:\Documents and Settings\All Users.WINDOWS\Application Data\nurb surf roam mfcd\Hidepure.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{35-59-95-55-ZN}] c:\windows\system32\qpdsregs.exe FI002
O4 - HKLM\..\Run: [w774c9b8.dll] RUNDLL32.EXE w774c9b8.dll,I2 00024aaf0774c9b8
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [win32069083-32483] C:\WINDOWS\win32069083-32483.exe
O4 - HKLM\..\Run: [ms04839083-324] C:\WINDOWS\ms04839083-324.exe
O4 - HKLM\..\Run: [ms0539083-3248] C:\WINDOWS\ms0539083-3248.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Larry.LARCOMP\Application Data\System Restore\actx1.exe
O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\System32\zqactx1.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Asbr] "C:\PROGRA~1\COMMON~1\ASKS~1\wuaclt.exe" -vt yax
O4 - HKCU\..\Run: [Waj] C:\WINDOWS\APPATC~1\rundll32.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe
O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\isnotify.exe
O4 - HKLM\..\Policies\Explorer\Run: [vpnxgv] C:\DOCUME~1\LARRY~1.LAR\LOCALS~1\Temp\vpnxgv.exe
O4 - HKCU\..\Policies\Explorer\Run: [{ECA35955-07CA-1033-0528-020326200001}] "C:\Program Files\Common Files\{ECA35955-07CA-1033-0528-020326200001}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\eliteunstall.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: sptbaxcab - http://www.try2find.com/toolbar/setup/sptbax.cab
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...APANEL_USA.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://liveca06.rightnowtech.com/7020-b375h/rnl/java
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_24.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download...reeInstall.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll,wbsys.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\ktpul7791.dll (file missing)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O21 - SSODL: msvb - {FFC17CE6-92F4-480A-9912-75B005FEA2E3} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {7A68DD46-B37E-405D-B25D-FDD99C6BC7C5} - C:\WINDOWS\sysdx.dll
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13859 bytes

subzerolife · 10-11-2007, 06:22 AM

Deckard's System Scanner v20070905.67
Run by Larry on 2007-10-11 08:17:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 8.18 GiB (less than 15%) free.

-- HijackThis (run as Larry.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:44 AM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Larry.LARCOMP\Desktop\dss.exe
C:\DOCUME~1\LARRY~1.LAR\Desktop\Larry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll
O2 - BHO: (no name) - {3C1F6EAF-612B-478F-BF2D-6ABD825905A8} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RoamMfcdLiesThis] C:\Documents and Settings\All Users.WINDOWS\Application Data\nurb surf roam mfcd\Hidepure.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{35-59-95-55-ZN}] c:\windows\system32\qpdsregs.exe FI002
O4 - HKLM\..\Run: [w774c9b8.dll] RUNDLL32.EXE w774c9b8.dll,I2 00024aaf0774c9b8
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [win32069083-32483] C:\WINDOWS\win32069083-32483.exe
O4 - HKLM\..\Run: [ms04839083-324] C:\WINDOWS\ms04839083-324.exe
O4 - HKLM\..\Run: [ms0539083-3248] C:\WINDOWS\ms0539083-3248.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Larry.LARCOMP\Application Data\System Restore\actx1.exe
O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\System32\zqactx1.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Asbr] "C:\PROGRA~1\COMMON~1\ASKS~1\wuaclt.exe" -vt yax
O4 - HKCU\..\Run: [Waj] C:\WINDOWS\APPATC~1\rundll32.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe
O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\isnotify.exe
O4 - HKLM\..\Policies\Explorer\Run: [vpnxgv] C:\DOCUME~1\LARRY~1.LAR\LOCALS~1\Temp\vpnxgv.exe
O4 - HKCU\..\Policies\Explorer\Run: [{ECA35955-07CA-1033-0528-020326200001}] "C:\Program Files\Common Files\{ECA35955-07CA-1033-0528-020326200001}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\eliteunstall.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: sptbaxcab - http://www.try2find.com/toolbar/setup/sptbax.cab
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...APANEL_USA.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://liveca06.rightnowtech.com/7020-b375h/rnl/java
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_24.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download...reeInstall.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll,wbsys.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\ktpul7791.dll (file missing)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O21 - SSODL: msvb - {FFC17CE6-92F4-480A-9912-75B005FEA2E3} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {7A68DD46-B37E-405D-B25D-FDD99C6BC7C5} - C:\WINDOWS\sysdx.dll
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13456 bytes

-- Files created between 2007-09-11 and 2007-10-11 -----------------------------

2013-01-28 22:37:09 102400 --a------ C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2011-04-20 08:48:49 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2011-04-20 08:47:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2010-12-22 00:22:58 0 d-------- C:\Program Files\HyperSnap 6
2010-09-08 17:32:32 0 d-------- C:\Program Files\Alcohol Soft
2010-08-13 22:56:13 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2010-06-18 15:29:46 0 d-------- C:\Documents and Settings\Lawrence\win32clf
2010-06-16 14:44:14 0 d-------- C:\Documents and Settings\Lawrence\Application Data\NetPumper
2010-03-23 14:58:21 0 d-------- C:\Program Files\Alcohol
2010-03-11 17:29:53 0 d-------- C:\Program Files\Scrabble
2010-03-11 17:28:51 0 d-------- C:\Program Files\TryMedia
2010-03-11 17:28:45 0 d-------- C:\Program Files\PopCap Games
2010-02-04 16:48:33 0 d-------- C:\Program Files\ACARecorder203
2007-10-11 03:00:29 0 d-------- C:\WINDOWS\LastGood
2007-10-09 22:43:34 0 d-------- C:\Program Files\Avira
2007-10-09 22:43:34 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2007-10-09 16:52:33 0 d-------- C:\Program Files\SystemDefender
2007-10-09 16:46:32 49664 --a------ C:\WINDOWS\wsremover.exe
2007-10-09 16:46:32 323584 --a------ C:\WINDOWS\sysdx.dll
2007-10-09 16:46:32 290816 --a------ C:\WINDOWS\msvb.dll <Not Verified; ; msvb>
2007-10-09 16:46:31 79872 --a------ C:\WINDOWS\netadv.dll <Not Verified; ; netadv Module>
2007-10-09 16:46:31 274432 --a------ C:\WINDOWS\bndsrsvk.dll <Not Verified; ; bndsrsvk>
2007-09-17 01:36:44 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-17 01:36:43 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2007-09-17 01:30:29 0 dr-h----- C:\Documents and Settings\Larry.LARCOMP\Recent
2007-09-17 01:22:57 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2007-09-17 01:22:54 0 d-------- C:\Program Files\Stardock
2007-09-17 01:22:54 0 d-------- C:\Program Files\Common Files\Stardock

-- Find3M Report ---------------------------------------------------------------

2013-07-05 20:28:17 0 d-------- C:\Program Files\Copystar
2007-10-10 00:48:24 0 d-------- C:\Program Files\MailSkinner
2007-10-09 23:39:16 0 d-------- C:\Documents and Settings\Larry.LARCOMP\Application Data\inter bait
2007-10-09 18:33:01 0 d-------- C:\Program Files\World of Warcraft
2007-09-27 09:54:48 0 d-------- C:\Program Files\UI Central
2007-09-20 02:07:52 0 d-------- C:\Program Files\Steam
2007-09-17 01:22:54 0 d-------- C:\Program Files\Common Files
2007-09-17 00:24:43 0 d-------- C:\Program Files\Winamp
2007-08-22 23:21:51 0 d-------- C:\Documents and Settings\Larry.LARCOMP\Application Data\LimeWire
2007-08-11 09:30:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05F79890-CFA6-4D53-87BC-2F390DA6645E}]
10/09/2007 12:47 PM 274432 --a------ C:\WINDOWS\bndsrsvk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C1F6EAF-612B-478F-BF2D-6ABD825905A8}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/16/2002 02:18 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/16/2002 02:05 AM]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [05/08/2003 02:34 PM]
"PRONoMgr.exe"="c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [10/23/2002 10:15 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 04:07 PM]
"RoamMfcdLiesThis"="C:\Documents and Settings\All Users.WINDOWS\Application Data\nurb surf roam mfcd\Hidepure.exe" [12/28/2005 02:31 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/29/2006 10:02 PM]
"{35-59-95-55-ZN}"="c:\windows\system32\qpdsregs.exe" []
"w774c9b8.dll"="w774c9b8.dll" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"NetMeter"="C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe" []
"win32069083-32483"="C:\WINDOWS\win32069083-32483.exe" []
"ms04839083-324"="C:\WINDOWS\ms04839083-324.exe" []
"ms0539083-3248"="C:\WINDOWS\ms0539083-3248.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AtiPTA"="atiptaxx.exe" [02/21/2006 08:05 PM C:\WINDOWS\system32\atiptaxx.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 11:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [10/10/2007 10:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 04:35 PM]
"stratas"="lockx.exe" []
"actx1.exe"="C:\Documents and Settings\Larry.LARCOMP\Application Data\System Restore\actx1.exe" []
"zqactx1.exe"="C:\WINDOWS\System32\zqactx1.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/19/2005 11:34 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [05/01/2006 07:55 PM]
"Fraps"="C:\FRAPS\FRAPS.EXE" [04/30/2006 09:46 AM]
"Steam"="c:\program files\steam\steam.exe" [07/09/2007 12:21 AM]
"Asbr"="C:\PROGRA~1\COMMON~1\ASKS~1\wuaclt.exe" []
"Waj"="C:\WINDOWS\APPATC~1\rundll32.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [12/04/2006 06:28 PM]
"My Web Search Community Tools"="C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"stratas"=lockx.exe

C:\Documents and Settings\Larry.LARCOMP\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [9/23/2005 4:36:42 PM]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [12/15/2006 11:14:25 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"=ishost.exe
"issearch.exe"=issearch.exe
"kernel32.dll"=C:\WINDOWS\system32\isnotify.exe
"vpnxgv"=C:\DOCUME~1\LARRY~1.LAR\LOCALS~1\Temp\vpnxgv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"=0 (0x0)
"DisallowCpl"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowCpl]
"1"=User Accounts

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{ECA35955-07CA-1033-0528-020326200001}"="C:\Program Files\Common Files\{ECA35955-07CA-1033-0528-020326200001}\Update.exe" mc-110-12-0000272

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msvb"= {FFC17CE6-92F4-480A-9912-75B005FEA2E3} - C:\WINDOWS\msvb.dll [10/09/2007 12:47 PM 290816]
"sysdx"= {7A68DD46-B37E-405D-B25D-FDD99C6BC7C5} - C:\WINDOWS\sysdx.dll [10/09/2007 12:47 PM 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Telephony]
C:\WINDOWS\system32\ktpul7791.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 12/20/2001 11:34 PM 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjks32]
winjks32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\spool32.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\setup.exe /autorun
directx\command- F:\DirectX\dxsetup.exe
setup\command- F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{befc8612-0b81-11db-893a-000802395360}]
AutoRun\command- F:\setup.exe /autorun
directx\command- F:\DirectX\dxsetup.exe
setup\command- F:\setup.exe

-- End of Deckard's System Scanner: finished at 2007-10-11 08:18:14 ------------

tetonbob · 10-13-2007, 07:31 PM

Hello, and Welcome to TSF.

Yuck....you've got evidence of several inactive old infections, as well as a new one. What have you been doing on the internet?

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I see you have more than one Anti-Virus program installed, AVG and Avira. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. It can also prevent the AV from doing it's job. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:

re-install the program -> reboot -> uninstall

-----------------------------------------------------------------------

Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop
Disconnect from the internet....pull the plug!
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll
O2 - BHO: (no name) - {3C1F6EAF-612B-478F-BF2D-6ABD825905A8} - C:\WINDOWS\system32\awvtu.dll (file missing)
O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [RoamMfcdLiesThis] C:\Documents and Settings\All Users.WINDOWS\Application Data\nurb surf roam mfcd\Hidepure.exe
O4 - HKLM\..\Run: [{35-59-95-55-ZN}] c:\WINDOWS\system32\qpdsregs.exe FI002
O4 - HKLM\..\Run: [w774c9b8.dll] RUNDLL32.EXE w774c9b8.dll,I2 00024aaf0774c9b8
O4 - HKLM\..\Run: [win32069083-32483] C:\WINDOWS\win32069083-32483.exe
O4 - HKLM\..\Run: [ms04839083-324] C:\WINDOWS\ms04839083-324.exe
O4 - HKLM\..\Run: [ms0539083-3248] C:\WINDOWS\ms0539083-3248.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Larry.LARCOMP\Application Data\System Restore\actx1.exe
O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\System32\zqactx1.exe
O4 - HKCU\..\Run: [Asbr] "C:\PROGRA~1\COMMON~1\ASKS~1\wuaclt.exe" -vt yax
O4 - HKCU\..\Run: [Waj] C:\WINDOWS\APPATC~1\rundll32.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe
O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\isnotify.exe
O4 - HKLM\..\Policies\Explorer\Run: [vpnxgv] C:\DOCUME~1\LARRY~1.LAR\LOCALS~1\Temp\vpnxgv.exe
O4 - HKCU\..\Policies\Explorer\Run: [{ECA35955-07CA-1033-0528-020326200001}] "C:\Program Files\Common Files\{ECA35955-07CA-1033-0528-020326200001}\Update.exe" mc-110-12-0000272
O4 - Startup: Zeno.lnk = C:\WINDOWS\eliteunstall.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: sptbaxcab - http://www.try2find.com/toolbar/setup/sptbax.cab
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...APANEL_USA.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://liveca06.rightnowtech.com/7020-b375h/rnl/java
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_24.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download...reeInstall.cab
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\ktpul7791.dll (file missing)
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O21 - SSODL: msvb - {FFC17CE6-92F4-480A-9912-75B005FEA2E3} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {7A68DD46-B37E-405D-B25D-FDD99C6BC7C5} - C:\WINDOWS\sysdx.dll
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Close HijackThis now.

---------------------------------------------------------------------------------------------
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall
Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Re-establish an internet connection.
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

subzerolife · 10-15-2007, 06:40 PM

Hey, i`ve still got issues, but this is the results.

ComboFix 07-10-15.1 - Larry 2007-10-15 20:20:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.263 [GMT -4:00]
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\Larry.LARCOMP\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Larry.LARCOMP\Application Data\macromedia\Flash Player\#SharedObjects\3L3QDWRH\www.broadcaster.com
C:\Documents and Settings\Larry.LARCOMP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Larry.LARCOMP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Larry.LARCOMP\Desktop\Error Cleaner.url
C:\Documents and Settings\Larry.LARCOMP\Desktop\Privacy Protector.url
C:\Documents and Settings\Larry.LARCOMP\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Larry.LARCOMP\Favorites\Error Cleaner.url
C:\Documents and Settings\Larry.LARCOMP\Favorites\Privacy Protector.url
C:\Documents and Settings\Larry.LARCOMP\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Larry\Application Data\install.dat
C:\Documents and Settings\Larry\Application Data\install.dat
C:\Documents and Settings\Larry\Application Data\Sskcwrd.dll
C:\Documents and Settings\Larry\Application Data\Sskknwrd.dll
C:\Documents and Settings\Larry\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Larry\Start Menu\Programs\Startup\zeno.lnk
C:\Documents and Settings\Larry\Start Menu\Programs\Startup\zstart.lnk
C:\Program Files\cas
C:\Program Files\Common Files\{ECA35~1
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\asks~1\?asks\
C:\Program Files\Common Files\elitemediagroupoinuninstaller.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\fcengine
C:\Program Files\fcengine\patterns.dat
C:\Program Files\fcengine\Uninstall.exe
C:\Program Files\Seekmo Programs
C:\WINDOWS\appatc~1
C:\WINDOWS\dat.txt
C:\WINDOWS\keyboard81.dat
C:\WINDOWS\keyboard91.dat
C:\WINDOWS\msvb.dll
C:\WINDOWS\netadv.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\sysdx.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\components\flx0.dll
C:\WINDOWS\system32\components\flx1.dll
C:\WINDOWS\system32\components\flx2.dll
C:\WINDOWS\system32\components\flx3.dll
C:\WINDOWS\system32\components\flx6.dll
C:\WINDOWS\system32\components\flx7.dll
C:\WINDOWS\system32\components\flx8.dll
C:\WINDOWS\system32\wintsvit.exe
C:\WINDOWS\system32\wintsvit.exe
C:\WINDOWS\win32069083-324832006.exe
C:\WINDOWS\wsremover.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-15 20:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 16:55 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-10-15 16:55 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-10-14 10:24 140,202,521 --a------ C:\Documents and Settings\Larry.LARCOMP\WoW-2.2.3.7359-to-0.3.0.7382-enUS-patch.exe
2007-10-10 23:44 <DIR> d-------- C:\Deckard
2007-10-10 04:33 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 22:43 <DIR> d-------- C:\Program Files\Avira
2007-10-09 22:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2007-10-09 16:52 <DIR> d-------- C:\Program Files\SystemDefender
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 14:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 14:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-17 01:36 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-09-17 01:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-17 01:22 <DIR> d-------- C:\Program Files\Stardock
2007-09-17 01:22 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-09-17 01:22 36,864 --a------ C:\WINDOWS\system32\wbsys.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-06 00:28 --------- d-----w C:\Program Files\Copystar
2011-04-20 12:48 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2010-12-22 04:22 --------- d-----w C:\Program Files\HyperSnap 6
2010-09-08 21:32 --------- d-----w C:\Program Files\Alcohol Soft
2010-06-15 12:14 --------- d-----w C:\Documents and Settings\Lawrence\Application Data\Keyhole
2010-03-11 21:28 --------- d-----w C:\Program Files\TryMedia
2007-10-16 00:33 --------- d-----w C:\Program Files\Steam
2007-10-16 00:33 --------- d-----w C:\Documents and Settings\Larry.LARCOMP\Application Data\Xfire
2007-10-16 00:13 --------- d-----w C:\Program Files\Virtools Web Player 3.5
2007-10-15 21:02 --------- d-----w C:\Program Files\DivX
2007-10-15 00:32 --------- d-----w C:\Program Files\World of Warcraft
2007-10-10 03:39 --------- d-----w C:\Documents and Settings\Larry.LARCOMP\Application Data\inter bait
2007-09-27 13:54 --------- d-----w C:\Program Files\UI Central
2007-09-17 04:24 --------- d-----w C:\Program Files\Winamp
2007-08-23 03:21 --------- d-----w C:\Documents and Settings\Larry.LARCOMP\Application Data\LimeWire
2005-02-07 06:17 26,520 -c--a-w C:\Documents and Settings\Lawrence\Application Data\GDIPFONTCACHEV1.DAT
2005-01-12 21:01 70,821 -c--a-w C:\Program Files\Kerrigan Armageddon.scx
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-16 02:18]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-10-16 02:05]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 14:34]
"PRONoMgr.exe"="c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 10:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2006-12-29 22:02]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"NetMeter"="C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe" []
"AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 C:\WINDOWS\system32\atiptaxx.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 22:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 23:34]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-05-01 19:55]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2006-04-30 09:46]
"Steam"="c:\program files\steam\steam.exe" [2007-07-09 00:21]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-12-04 18:28]

C:\Documents and Settings\Larry\Start Menu\Programs\Startup\
OpenOffice.org 1.1.4.lnk - C:\Program Files\OpenOffice\program\quickstart.exe [2004-10-28 01:10:00]

C:\Documents and Settings\Larry.LARCOMP\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 16:36:42]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2006-12-15 23:14:25]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-04-16 22:55:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\spool32.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

R0 Copystar;Copystar;C:\WINDOWS\system32\DRIVERS\copystar.sys
R1 nmconpid;nmconpid;C:\WINDOWS\system32\drivers\nmconpid.sys
R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
S3 kbkzrqfni;kbkzrqfni;\??\C:\Documents and Settings\Larry.LARCOMP\Desktop\Yay\kbkzrqfni.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\setup.exe /autorun
directx\command - F:\DirectX\dxsetup.exe
setup\command - F:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 12:39:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-15 07:16:00 C:\WINDOWS\Tasks\NotWhatYouSee.job"
- C:\Music\Not What You See.wma
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 20:31:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-15 20:36:32 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:11 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Larry.LARCOMP\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll,wbsys.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9241 bytes

tetonbob · 10-15-2007, 07:25 PM

This machine was pretty messed up, and will take a while to clean.

Before we go to the next step, I need more information.

What is this folder for?

C:\Documents and Settings\Larry.LARCOMP\Desktop\Yay

Create an uninstall list:

Open HiJackThis
Click on the button " Open the Misc Tools section"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and past the List from the notepad file into your post

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

subzerolife · 10-15-2007, 08:05 PM

Quote:

Originally Posted by tetonbob

C:\Documents and Settings\Larry.LARCOMP\Desktop\Yay

Its just a folder with some programs I use, I couldn`t think of another name. Working on your instructions.

subzerolife · 10-15-2007, 08:09 PM

Ok, heres the info. By the way, I think what you guys do here is awesome.

545 Studios Skinstaller (remove only)
60 Tons Version '0.27'
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7
AI RoboForm (All Users)
AI RoboForm Adapter for Firefox/Mozilla/Netscape
AIMutation (remove only)
Anti-Leech Plugin for Internet Explorer
AOL Instant Messenger
Apple Software Update
AquaMark3
ArmorGeddon
ATI Display Driver (Omega 3.8.273)
AV Music Morpher Gold
Avira AntiVir PersonalEdition Classic
BitTorrent 5.0.3
BoBaFeTT Diablo Trainer
Bulent's Screen Recorder 3
Crazy Tetris v.2.2
DebugMode Wax 2.0
Diablo
Digimax Master
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Easy MP3 Alarm Clock
Fantom CD
ffdshow [rev 1469] [2007-09-07]
FlashFXP v3
FlashGet(JetCar)
Fraps
Game Cam
GameSpy Arcade
GSpot Codec Information Appliance
GTK+ 2.10.6-1 runtime environment
Half-Life(R) 2
Halo Zero V1.8.6
HijackThis 2.0.2
HyperSnap 6
I'M
Intel(R) Extreme Graphics Driver Software
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iPod for Windows 2005-11-17
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
JAM KT v3
JGoodies JDiskReport 1.3.0
K-Lite Codec Pack 2.54 Full
LimeWire 4.14.4
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Shockwave Player
MadOnion.com/3DMark2001 SE
MediaTickets by OIN
Microsoft .NET Framework 2.0
Microsoft Halo
Mozilla Firefox (1.5.0.12)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MultiRes (remove only)
MUSHclient (remove only)
Nielsen//NetRatings
OpenOffice.org 2.0
PIXresizer 1.0.9
Plato Video Creator 3.16
QuickTime
QuickTime Alternative 1.62
Radeon Omega Drivers v3.8.273 Setup Files and Tools
Real Alternative 1.44
S500/S600 USB Driver
Secure Game Player
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Silkroad
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
SoundMAX
Spybot - Search & Destroy 1.4
Star Wars Empire at War
Star Wars Jedi Knight Jedi Academy
Starcraft
Steam
System Requirements Lab
The Battle for Middle-earth (tm)
The File Splitter 1.31
The GIMP 2.2.13
Treads Launchpad
UI Central 3.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Ventrilo Client
VideoLAN VLC media player 0.8.6b
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WavePad Uninstall
Winamp (remove only)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888162
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
World of Warcraft
World of Warcraft Desktop
Xfire (remove only)
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZQHelper

Volume in drive C has no label.
Volume Serial Number is ECA3-5955

Directory of C:\Documents and Settings\Administrator\Application Data

02/03/2005 09:54 PM <DIR> .
02/03/2005 09:54 PM <DIR> ..
02/03/2005 09:54 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 10,449,473,536 bytes free
Volume in drive C has no label.
Volume Serial Number is ECA3-5955

Directory of C:\Documents and Settings\All Users\Application Data

02/02/2005 10:41 AM <DIR> Adobe
02/02/2005 10:10 AM <DIR> America Online
06/12/2005 09:10 PM <DIR> Apple Computer
02/02/2005 10:49 AM <DIR> AVG7
02/02/2005 10:49 AM <DIR> Grisoft
04/20/2011 08:47 AM <DIR> Macromedia
06/08/2005 01:24 PM <DIR> Napster
04/05/2005 11:33 AM <DIR> PopCap
06/12/2005 01:49 PM <DIR> Real
04/26/2005 07:48 PM <DIR> Support.com
06/15/2005 07:53 AM <DIR> Viewpoint
0 File(s) 0 bytes
11 Dir(s) 10,449,469,440 bytes free
Volume in drive C has no label.
Volume Serial Number is ECA3-5955

Directory of C:\Documents and Settings\Larry\Application Data

08/11/2005 11:14 PM <DIR> Adobe
08/11/2005 11:19 PM 877 AdobeDLM.log
06/28/2005 06:12 PM <DIR> Aim
08/31/2005 09:48 PM <DIR> Apple Computer
10/04/2005 10:57 PM <DIR> AVG7
09/14/2005 08:18 AM <DIR> Block Checker
08/11/2005 11:19 PM 0 dm.ini
08/06/2005 03:20 PM <DIR> FlashTalk Communications
06/30/2005 10:31 PM <DIR> Help
06/27/2005 08:17 PM <DIR> Identities
10/05/2005 11:39 PM <DIR> Lavasoft
08/29/2005 01:01 AM <DIR> Macromedia
07/22/2005 11:51 PM <DIR> Mozilla
07/20/2005 12:31 PM <DIR> NetPumper
06/30/2005 12:08 AM <DIR> Real
06/30/2005 12:30 PM <DIR> Sun
07/29/2005 08:35 PM 74 sversion.ini
05/29/2005 02:14 PM 12 uns.tmp
07/07/2005 12:38 AM <DIR> {12EE7A5E-0674-42f9-A76B-000000004D00}
4 File(s) 963 bytes
15 Dir(s) 10,449,469,440 bytes free
Volume in drive C has no label.
Volume Serial Number is ECA3-5955

Directory of C:\Documents and Settings\Lawrence\Application Data

04/26/2005 03:14 PM <DIR> Adobe
02/15/2005 02:25 AM <DIR> AdobeUM
05/30/2005 09:54 AM <DIR> Aim
04/25/2005 04:46 PM <DIR> Apple Computer
02/03/2005 10:22 PM <DIR> ArcSoft
06/24/2005 12:15 AM <DIR> AVG7
05/31/2005 08:54 AM <DIR> Free Download Manager
02/07/2005 02:17 AM 26,520 GDIPFONTCACHEV1.DAT
02/03/2005 10:15 PM <DIR> Help
02/02/2005 07:11 AM <DIR> Identities
06/15/2010 08:14 AM <DIR> Keyhole
04/20/2011 08:51 AM <DIR> Macromedia
04/24/2005 09:17 AM <DIR> Mozilla
06/22/2005 10:13 PM <DIR> NetPumper
06/13/2005 11:31 AM <DIR> Real
06/08/2005 01:18 PM <DIR> Roxio
06/13/2005 03:36 PM <DIR> Shareaza
02/17/2005 02:00 AM <DIR> SmartFTP
04/16/2005 07:54 PM <DIR> SSH
04/25/2005 05:52 PM <DIR> Sun
02/04/2005 01:39 AM <DIR> Tenebril
1 File(s) 26,520 bytes
20 Dir(s) 10,449,469,440 bytes free
Volume in drive C has no label.
Volume Serial Number is ECA3-5955

Directory of C:\Documents and Settings\Owner\Application Data

02/02/2005 07:11 AM <DIR> Identities
0 File(s) 0 bytes
1 Dir(s) 10,449,469,440 bytes free
Volume in drive C has no label.
Volume Serial Number is ECA3-5955

Directory of C:\Documents and Settings\Default User\Application Data

09/17/2001 02:14 PM <DIR> .
09/17/2001 02:14 PM <DIR> ..
02/03/2005 10:53 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 10,449,465,344 bytes free
Volume in drive C has no label.
Volume Serial Number is ECA3-5955

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is ECA3-5955

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/09/2007 8:39:00
NextRun: 10/16/2007 8:39:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ..T....
StartDate: 12/25/2006
EndDate: 00/00/0000
StartTime: 08:39
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'NotWhatYouSee.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Music\Not What You See.wma'
Parameters: ''
WorkingDirectory: 'C:\Music'
Comment: ''
Creator: 'Larry'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/08/2006 8:30:00
NextRun: 10/16/2007 3:16:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 1
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 09/24/2006
EndDate: 00/00/0000
StartTime: 03:16
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

tetonbob · 10-15-2007, 08:34 PM

Quote:

Originally Posted by subzerolife

Its just a folder with some programs I use, I couldn`t think of another name. Working on your instructions.

Programs which might install randomly named drivers?

S3 kbkzrqfni;kbkzrqfni;\??\C:\Documents and Settings\Larry.LARCOMP\Desktop\Yay\kbkzrqfni.sys

subzerolife · 10-15-2007, 08:36 PM

Is there a problem? I`m not sure what that means.

tetonbob · 10-15-2007, 08:42 PM

Well, when I'm doing a malware removal on a fairly infected machine, and I find a driver (sys file) in an odd folder that can't be identified on Google or my databases, I ask questions.

So, you said "some programs I use"

What type of programs?

Are there file properties associated with that file which indicate a company it's from? Do you recognize it?

subzerolife · 10-15-2007, 08:47 PM

Ok, it looks like it goes to a program called Glider that I had originally downloaded to test it, but I since decided against it and just never got around to delete it (it goes against the ToS of a game I play) I don`t have any issue with getting rid of the whole mess if thats an option.

subzerolife · 10-17-2007, 07:03 PM

Hello?

tetonbob · 10-17-2007, 07:38 PM

Sorry about that....I never saw your last reply.

Thanks, that's just the information I was after. It should not affect the malware removal situation.

I see you have Ewido anti-spyware 4.0 partially installed. Ewido has recently been purchased by Grisoft, makers of AVG Antivirus, and the program is now known as AVG Anti-Spyware. It is essentially the same program with a new paintjob; Ewido currently can still be updated to the newest definitions, but this support will likely not last forever. I recommend you uninstall Ewido 4.0, restart your system, then download and install AVG Anti-Spyware. Update it's definitions as directed below, and run a scan where I have it placed in this fix.

Download AVG Anti Spyware

Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On the main Status screen, under Your Computer's Security, click Resident Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Do Not Automatically generate report after every scan"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.
---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Uninstall from Control Panel > Add/Remove Programs:

MediaTickets by OIN

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2

Close HijackThis now.

---------------------------------------------------------------------------------------------

Delete these folders if they exist:

C:\Documents and Settings\All Users.WINDOWS\Application Data\nurb surf roam mfcd
C:\Documents and Settings\Larry.LARCOMP\Application Data\inter bait

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.

After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please post logs from:

AVG Anti-Spyware
Kaspersky online scan
HijackThis

Edit:

I will be away from my computer for the next several days. I'll try to look in from another machine while on the road if you have any questions.

subzerolife · 10-22-2007, 02:45 PM

Hey, sorry, been busy the last couple of days.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 19, 2007 7:26:04 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/10/2007
Kaspersky Anti-Virus database records: 439292
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 127013
Number of viruses found: 27
Number of infected objects: 58
Number of suspicious objects: 0
Duration of the scan process: 02:44:54

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20071011081732\backup\DOCUME~1\LARRY~1.LAR\LOCALS~1\Temp\vpnxgv.exe Infected: Trojan-Downloader.Win32.Zlob.dhj skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Desktop Icons\AOL Broadband.exe Infected: not-a-virus:Porn-Downloader.Win32.Generic skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Mirar1.zip/WinATS.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Mirar1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Larry.LARCOMP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Larry.LARCOMP\Desktop\backups\backup-20071015-201202-819.dll Infected: not-a-virus:AdWare.Win32.Agent.fh skipped
C:\Documents and Settings\Larry.LARCOMP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Larry.LARCOMP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Larry.LARCOMP\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Larry.LARCOMP\Local Settings\History\History.IE5\MSHist012007101920071020\index.dat Object is locked skipped
C:\Documents and Settings\Larry.LARCOMP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Larry.LARCOMP\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Larry.LARCOMP\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lawrence\Local Settings\Application Data\bp12.exe/data0002 Infected: not-a-virus:AdWare.Win32.FlashEnhancer.b skipped
C:\Documents and Settings\Lawrence\Local Settings\Application Data\bp12.exe/data0004/data0002 Infected: not-a-virus:AdWare.Win32.FlashEnhancer.a skipped
C:\Documents and Settings\Lawrence\Local Settings\Application Data\bp12.exe/data0004 Infected: not-a-virus:AdWare.Win32.FlashEnhancer.a skipped
C:\Documents and Settings\Lawrence\Local Settings\Application Data\bp12.exe NSIS: infected - 3 skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe.vir/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\qoobox\Quarantine\C\WINDOWS\msvb.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.fh skipped
C:\qoobox\Quarantine\C\WINDOWS\netadv.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.fh skipped
C:\qoobox\Quarantine\C\WINDOWS\sysdx.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.fh skipped
C:\qoobox\Quarantine\C\WINDOWS\wsremover.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.el skipped
C:\RECYCLER\S-1-5-21-790525478-362288127-725345543-1003\Dc4\Hidepure.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\RECYCLER\S-1-5-21-790525478-362288127-725345543-1003\Dc4\livelong.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103653.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103654.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103655.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103657.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103658.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103659.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103660.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103661.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103662.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103663.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103664.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103665.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103666.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103667.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103668.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103669.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103671.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103672.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103674.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103676.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103677.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103678.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103680.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103681.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103682.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103683.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103684.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP710\A0103685.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP711\A0104785.exe Infected: not-a-virus:AdTool.Win32.Zango.a skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP711\A0104802.exe Infected: Trojan-Downloader.Win32.Zlob.gen skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP713\A0104887.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP713\A0104888.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP716\A0104971.dll Infected: not-a-virus:AdWare.Win32.Agent.fh skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP717\A0104991.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP717\A0104991.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP717\A0104992.dll Infected: not-a-virus:AdWare.Win32.Agent.fh skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP717\A0104993.dll Infected: not-a-virus:AdWare.Win32.Agent.fh skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP717\A0104994.dll Infected: not-a-virus:AdWare.Win32.Agent.fh skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP717\A0104995.exe Infected: not-a-virus:AdWare.Win32.Agent.el skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP718\A0105271.exe Infected: not-a-virus:Downloader.Win32.WinFixer.bb skipped
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP721\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:24:20 PM 10/18/2007

+ Scan result:

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90BAEB8B-47C2-44B4-A5A6-B99D34F1D4C5} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90BAEB8B-47C2-44B4-A5A6-B99D34F1D4C5} -> Adware.Generic : Error during cleaning.
HKU\S-1-5-21-790525478-362288127-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{90BAEB8B-47C2-44B4-A5A6-B99D34F1D4C5} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-362288127-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90BAEB8B-47C2-44B4-A5A6-B99D34F1D4C5} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-362288127-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP711\A0104795.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP711\A0104786.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20071011081732\backup\WINDOWS\Downloaded Program Files\UDC6_0001_D18M1108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D18M1108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6_0001_D18M1108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\Documents and Settings\Larry.LARCOMP\Desktop\eicar.com -> Not-A-Virus.Test.Eicar : Cleaned with backup (quarantined).
:mozilla.637:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.206:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.214:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.215:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.216:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.219:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.221:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.222:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.224:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.376:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.377:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.378:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.379:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.380:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.381:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.382:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.383:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.384:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.385:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.386:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.387:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.394:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.417:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.554:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.668:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.761:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.815:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.858:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.899:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.193:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.194:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.195:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.261:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.262:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.263:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.424:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.427:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.345:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.368:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.641:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.127:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.128:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.129:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.770:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Deckard\System Scanner\20071011081732\backup\WINDOWS\temp\Cookies\larry@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.128:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.129:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.130:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.131:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.132:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.133:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.134:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.135:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.136:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.32:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.33:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.53:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.54:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.55:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.56:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.57:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.820:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.821:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.822:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.823:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.832:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.644:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.645:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.646:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.602:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.603:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.110:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.120:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.123:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.124:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.125:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.11:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.795:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Billboard : Cleaned.
:mozilla.796:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Billboard : Cleaned.
:mozilla.362:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.552:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.149:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.75:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.143:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.144:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.145:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.76:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.77:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.78:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.136:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.142:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.147:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.148:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.435:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.436:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.437:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.438:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.439:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.440:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.441:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.442:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.443:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.868:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.698:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.699:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.262:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.263:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.264:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.99:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.924:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.925:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.926:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.771:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.772:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.896:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.897:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.898:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.693:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.694:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.695:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.696:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.867:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.378:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.400:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.734:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.735:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.736:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.107:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.399:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.913:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.463:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.341:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.482:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.483:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.484:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.485:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.486:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.346:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.349:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.350:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.351:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.353:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.354:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.355:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.112:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.113:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.114:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.116:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.61:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.62:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.63:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.64:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.184:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.185:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.186:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.847:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.848:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.596:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.562:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.568:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.569:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.570:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.571:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.610:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.669:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.672:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.673:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.837:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.838:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.843:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.906:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.907:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.908:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.912:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.738:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.800:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Idot : Cleaned.
:mozilla.115:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.116:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.47:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.48:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.256:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.374:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.740:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.894:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.895:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.388:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.389:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.76:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.77:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.536:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.537:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.538:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.539:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.540:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.541:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.265:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.787:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.788:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.214:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.215:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.464:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.468:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.469:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.682:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.131:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.388:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.397:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.77:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.29:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.30:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.31:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.404:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.405:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.406:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.407:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.408:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.409:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.410:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.411:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.412:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.66:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.940:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.941:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.107:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.108:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.109:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.146:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.147:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.176:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.170:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.171:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.172:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.173:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.174:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.175:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.176:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.177:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.178:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.179:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.180:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.188:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.189:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.190:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.191:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.192:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.193:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.194:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.195:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.196:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.197:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.199:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.39:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.41:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.43:C:\Documents and Settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\wdyzij3s.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Deckard\System Scanner\20071011081732\backup\WINDOWS\temp\Cookies\larry@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.372:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.373:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.100:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.101:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.102:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.103:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.105:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.106:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.571:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.615:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.616:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.617:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.618:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.619:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.620:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.769:C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\s6ze1nhn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.98:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.99:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.51:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.52:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.58:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.59:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.60:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.61:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.62:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.70:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.119:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.123:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.124:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.125:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.198:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.199:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.200:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.201:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.202:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.437:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.438:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.439:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.440:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.441:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.442:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.443:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.444:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.445:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.446:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.447:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.448:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.748:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.749:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.118:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.120:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.121:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.122:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.213:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.216:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.217:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.476:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.477:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.478:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.479:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.480:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.481:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.482:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.483:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.484:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.485:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.486:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.487:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.488:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.489:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.490:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.497:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.498:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.499:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.500:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.501:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.502:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.503:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.504:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.505:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.506:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.507:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.508:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.509:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.510:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.511:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.512:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.513:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.514:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.515:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.516:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.517:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.518:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.519:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.520:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.521:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.601:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.150:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.151:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.152:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.153:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.210:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.211:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.212:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.426:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.473:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.823:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.175:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.176:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.177:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.178:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.179:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.180:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.181:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.182:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.183:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.184:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.186:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.37:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.38:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.39:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.49:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.63:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.64:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.65:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.111:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.121:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.122:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.148:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.591:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.592:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.593:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.594:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.595:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.596:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.833:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.724:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.710:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.847:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.12:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.610:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Larry.LARCOMP\Cookies\larry@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.401:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.849:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.854:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.271:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.272:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.273:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.274:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.275:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.276:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.89:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.90:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.94:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.95:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.342:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.343:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.344:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\2n8odcxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.400:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.401:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.402:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.403:C:\Documents and Settings\Larry.LARCOMP\Application Data\Mozilla\Firefox\Profiles\2n8odcxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Microsoft AntiSpyware\Quarantine\EC53614D-4232-436D-96F6-E95643\BAF83EC3-188F-424F-B25A-0B5419 -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4D4AD6C5-0D2C-472A-85FE-820D01C73040}\RP717\A0104981.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\wintsvit.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\World of Warcraft\Cosmos.exe.prepatch -> Trojan.WOW.qt : Cleaned with backup (quarantined).

::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:00 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Larry.LARCOMP\Desktop\Hijackthis\HiJackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll,wbsys.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8552 bytes

tetonbob · 10-22-2007, 05:44 PM

P2P - I see you have P2P software ( Limewire, Steam, BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Viewpoint Manager<<<this is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

You may also want to uninstall Viewpoint Media Player

---------------------------------------------------------------------------------------------

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Mirar1.zip"
"C:\Documents and Settings\Larry.LARCOMP\Desktop\backups\backup-20071015-201202-819.dll"
"C:\Documents and Settings\Lawrence\Local Settings\Application Data\bp12.exe"
"C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll"

) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

%systemdrive%\Deckard
%systemdrive%\Qoobox

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs

(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg

regedit /s rehide.reg
del rehide.reg SR.vbs
nircmd wait 7000
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:

Double click on fix.bat & allow it to run

Post back to tell me what it says.

Also, have you intentionally installed the Nielsen//NetRatings software?

subzerolife · 10-23-2007, 11:36 PM

I understand the dangers with P2P.

I may have installed the net ratings, but I can`t remember, and its not something I use. Lastely, when I used the fix.bat, it said deleted successfully.

tetonbob · 10-24-2007, 08:35 AM

Go to

-> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

-------------------------------------------------------------------------------------------------------------------------------

Your logs appear clean.You should be good to go. We still have a few items to address.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:

SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here

IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
- Once updated you should see another prompt that the task was completed.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

See this link for a listing of some online antivirus scanners:

Anti-Spyware Tutorial
FIREWALL
If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

Do not install more than one firewall program because they will conflict with each other.

Here are some additional utilities that will further enhance your safety.

http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

subzerolife · 10-24-2007, 06:59 PM

Hey, thanks for all your help, everythings looking good now, but I still have one issue that needs to be addressed, for some reason there appears to be a web browser somehow built into my desktop, the reason why I do not know. I am attaching a screenshot.

tetonbob · 10-24-2007, 07:22 PM

That's odd.

Can you change your desktop background?

If so, change it to something else, apply, reboot, and change it back to your preferred background.

Also have a look here:

Go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything. Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

Let me know.

subzerolife · 10-24-2007, 09:35 PM

Wow, i`m an idiot :) that fixed it. Gonna run my scanners one last time to make sure we are good but everythings looking fine :) Thank you for all your assistance.

10-10-2007, 09:27 PM	#1 (permalink)
subzerolife Registered User Join Date: Oct 2007 Posts: 13 OS: Windows XP Pro Service Pack 2	Lots of issues I have spyware and viruses that just wont go away, and i`m finally looking for help on the issues. I currently run Ad-Aware, Spybot Search and Destroy, and because my license on AVG ran out and I don`t have the cash to buy a new one, i`ve been using Avira AntiVir for an antivirus. All of these are fully updated, as well. I use XP Service Pack 2. I would have used the Panda scan but the page "Scan your PC now" linked to was blank. I am currently doing a dss scan, but it its taking a while, so I will post the results in the morning, Here is my HijackThis log. Any help would be appreciated :) I know this is all people giving up their free time to help others out. By the way, I do not know why there are like 3 winzips running, I see no indication of them. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:25:36 PM, on 10/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Larry.LARCOMP\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll O2 - BHO: (no name) - {3C1F6EAF-612B-478F-BF2D-6ABD825905A8} - C:\WINDOWS\system32\awvtu.dll (file missing) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [RoamMfcdLiesThis] C:\Documents and Settings\All Users.WINDOWS\Application Data\nurb surf roam mfcd\Hidepure.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [{35-59-95-55-ZN}] c:\windows\system32\qpdsregs.exe FI002 O4 - HKLM\..\Run: [w774c9b8.dll] RUNDLL32.EXE w774c9b8.dll,I2 00024aaf0774c9b8 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe O4 - HKLM\..\Run: [win32069083-32483] C:\WINDOWS\win32069083-32483.exe O4 - HKLM\..\Run: [ms04839083-324] C:\WINDOWS\ms04839083-324.exe O4 - HKLM\..\Run: [ms0539083-3248] C:\WINDOWS\ms0539083-3248.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [stratas] lockx.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [stratas] lockx.exe O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Larry.LARCOMP\Application Data\System Restore\actx1.exe O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\System32\zqactx1.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [Asbr] "C:\PROGRA~1\COMMON~1\ASKS~1\wuaclt.exe" -vt yax O4 - HKCU\..\Run: [Waj] C:\WINDOWS\APPATC~1\rundll32.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe" O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\isnotify.exe O4 - HKLM\..\Policies\Explorer\Run: [vpnxgv] C:\DOCUME~1\LARRY~1.LAR\LOCALS~1\Temp\vpnxgv.exe O4 - HKCU\..\Policies\Explorer\Run: [{ECA35955-07CA-1033-0528-020326200001}] "C:\Program Files\Common Files\{ECA35955-07CA-1033-0528-020326200001}\Update.exe" mc-110-12-0000272 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Startup: Zeno.lnk = C:\WINDOWS\eliteunstall.exe O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O15 - Trusted Zone: .elitemediagroup.net O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O16 - DPF: sptbaxcab - http://www.try2find.com/toolbar/setup/sptbax.cab O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...APANEL_USA.cab O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://liveca06.rightnowtech.com/7020-b375h/rnl/java O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_24.cab O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123 O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download...reeInstall.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll,wbsys.dll O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\ktpul7791.dll (file missing) O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O21 - SSODL: msvb - {FFC17CE6-92F4-480A-9912-75B005FEA2E3} - C:\WINDOWS\msvb.dll O21 - SSODL: sysdx - {7A68DD46-B37E-405D-B25D-FDD99C6BC7C5} - C:\WINDOWS\sysdx.dll O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 13859 bytes Last edited by subzerolife; 10-10-2007 at 09:52 PM.*

10-13-2007, 07:31 PM	#3 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	Re: Lots of issues Hello, and Welcome to TSF. Yuck....you've got evidence of several inactive old infections, as well as a new one. What have you been doing on the internet? Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- I see you have more than one Anti-Virus program installed, AVG and Avira. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. It can also prevent the AV from doing it's job. Choose one to keep and uninstall the other. Any antivirus program must be removed via add/remove program. For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstall ----------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe * IMPORTANT !!! Place combofix.exe on your Desktop Disconnect from the internet....pull the plug! Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R3 - Default URLSearchHook is missing O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll O2 - BHO: (no name) - {3C1F6EAF-612B-478F-BF2D-6ABD825905A8} - C:\WINDOWS\system32\awvtu.dll (file missing) O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll O4 - HKLM\..\Run: [RoamMfcdLiesThis] C:\Documents and Settings\All Users.WINDOWS\Application Data\nurb surf roam mfcd\Hidepure.exe O4 - HKLM\..\Run: [{35-59-95-55-ZN}] c:\WINDOWS\system32\qpdsregs.exe FI002 O4 - HKLM\..\Run: [w774c9b8.dll] RUNDLL32.EXE w774c9b8.dll,I2 00024aaf0774c9b8 O4 - HKLM\..\Run: [win32069083-32483] C:\WINDOWS\win32069083-32483.exe O4 - HKLM\..\Run: [ms04839083-324] C:\WINDOWS\ms04839083-324.exe O4 - HKLM\..\Run: [ms0539083-3248] C:\WINDOWS\ms0539083-3248.exe O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\RunServices: [stratas] lockx.exe O4 - HKCU\..\Run: [stratas] lockx.exe O4 - HKCU\..\Run: [actx1.exe] C:\Documents and Settings\Larry.LARCOMP\Application Data\System Restore\actx1.exe O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\System32\zqactx1.exe O4 - HKCU\..\Run: [Asbr] "C:\PROGRA~1\COMMON~1\ASKS~1\wuaclt.exe" -vt yax O4 - HKCU\..\Run: [Waj] C:\WINDOWS\APPATC~1\rundll32.exe O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe" O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\isnotify.exe O4 - HKLM\..\Policies\Explorer\Run: [vpnxgv] C:\DOCUME~1\LARRY~1.LAR\LOCALS~1\Temp\vpnxgv.exe O4 - HKCU\..\Policies\Explorer\Run: [{ECA35955-07CA-1033-0528-020326200001}] "C:\Program Files\Common Files\{ECA35955-07CA-1033-0528-020326200001}\Update.exe" mc-110-12-0000272 O4 - Startup: Zeno.lnk = C:\WINDOWS\eliteunstall.exe O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ O15 - Trusted Zone: .elitemediagroup.net O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O16 - DPF: sptbaxcab - http://www.try2find.com/toolbar/setup/sptbax.cab O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...APANEL_USA.cab O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://liveca06.rightnowtech.com/7020-b375h/rnl/java O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_24.cab O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123 O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download...reeInstall.cab O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\ktpul7791.dll (file missing) O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O21 - SSODL: msvb - {FFC17CE6-92F4-480A-9912-75B005FEA2E3} - C:\WINDOWS\msvb.dll O21 - SSODL: sysdx - {7A68DD46-B37E-405D-B25D-FDD99C6BC7C5} - C:\WINDOWS\sysdx.dll O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file) O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm Close HijackThis now. --------------------------------------------------------------------------------------------- Go to -> Run -> paste* in the following single line command & click OK "%userprofile%\desktop\combofix.exe" /killall Follow the prompts. Type "1" and press Enter to begin the scan. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Re-establish an internet connection. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-15-2007, 06:40 PM	#4 (permalink)
subzerolife Registered User Join Date: Oct 2007 Posts: 13 OS: Windows XP Pro Service Pack 2	Re: Lots of issues Hey, i`ve still got issues, but this is the results. ComboFix 07-10-15.1 - Larry 2007-10-15 20:20:43.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.263 [GMT -4:00] Script execution time was exceeded on script "C:\ComboFix\osid.vbs". Script execution was terminated. Running from: C:\Documents and Settings\Larry.LARCOMP\desktop\combofix.exe Command switches used :: /killall . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Larry.LARCOMP\Application Data\macromedia\Flash Player\#SharedObjects\3L3QDWRH\www.broadcaster.com C:\Documents and Settings\Larry.LARCOMP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com C:\Documents and Settings\Larry.LARCOMP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol C:\Documents and Settings\Larry.LARCOMP\Desktop\Error Cleaner.url C:\Documents and Settings\Larry.LARCOMP\Desktop\Privacy Protector.url C:\Documents and Settings\Larry.LARCOMP\Desktop\Spyware&Malware Protection.url C:\Documents and Settings\Larry.LARCOMP\Favorites\Error Cleaner.url C:\Documents and Settings\Larry.LARCOMP\Favorites\Privacy Protector.url C:\Documents and Settings\Larry.LARCOMP\Favorites\Spyware&Malware Protection.url C:\Documents and Settings\Larry\Application Data\install.dat C:\Documents and Settings\Larry\Application Data\install.dat C:\Documents and Settings\Larry\Application Data\Sskcwrd.dll C:\Documents and Settings\Larry\Application Data\Sskknwrd.dll C:\Documents and Settings\Larry\Application Data\Sskuknwrd.dll C:\Documents and Settings\Larry\Start Menu\Programs\Startup\zeno.lnk C:\Documents and Settings\Larry\Start Menu\Programs\Startup\zstart.lnk C:\Program Files\cas C:\Program Files\Common Files\{ECA35~1 C:\Program Files\Common Files\asks~1 C:\Program Files\Common Files\asks~1\?asks\ C:\Program Files\Common Files\elitemediagroupoinuninstaller.exe C:\Program Files\Common Files\uninstall information C:\Program Files\fcengine C:\Program Files\fcengine\patterns.dat C:\Program Files\fcengine\Uninstall.exe C:\Program Files\Seekmo Programs C:\WINDOWS\appatc~1 C:\WINDOWS\dat.txt C:\WINDOWS\keyboard81.dat C:\WINDOWS\keyboard91.dat C:\WINDOWS\msvb.dll C:\WINDOWS\netadv.dll C:\WINDOWS\rs.txt C:\WINDOWS\search_res.txt C:\WINDOWS\sysdx.dll C:\WINDOWS\system32\components C:\WINDOWS\system32\components\flx0.dll C:\WINDOWS\system32\components\flx1.dll C:\WINDOWS\system32\components\flx2.dll C:\WINDOWS\system32\components\flx3.dll C:\WINDOWS\system32\components\flx6.dll C:\WINDOWS\system32\components\flx7.dll C:\WINDOWS\system32\components\flx8.dll C:\WINDOWS\system32\wintsvit.exe C:\WINDOWS\system32\wintsvit.exe C:\WINDOWS\win32069083-324832006.exe C:\WINDOWS\wsremover.exe . ((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))) . 2007-10-15 20:14 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-15 16:55 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-10-15 16:55 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-10-14 10:24 140,202,521 --a------ C:\Documents and Settings\Larry.LARCOMP\WoW-2.2.3.7359-to-0.3.0.7382-enUS-patch.exe 2007-10-10 23:44 <DIR> d-------- C:\Deckard 2007-10-10 04:33 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-09 22:43 <DIR> d-------- C:\Program Files\Avira 2007-10-09 22:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira 2007-10-09 16:52 <DIR> d-------- C:\Program Files\SystemDefender 2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-09-17 14:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-09-17 14:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll 2007-09-17 01:36 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-09-17 01:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-09-17 01:22 <DIR> d-------- C:\Program Files\Stardock 2007-09-17 01:22 <DIR> d-------- C:\Program Files\Common Files\Stardock 2007-09-17 01:22 36,864 --a------ C:\WINDOWS\system32\wbsys.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-06 00:28 --------- d-----w C:\Program Files\Copystar 2011-04-20 12:48 --------- d-----w C:\Program Files\Common Files\Macromedia Shared 2010-12-22 04:22 --------- d-----w C:\Program Files\HyperSnap 6 2010-09-08 21:32 --------- d-----w C:\Program Files\Alcohol Soft 2010-06-15 12:14 --------- d-----w C:\Documents and Settings\Lawrence\Application Data\Keyhole 2010-03-11 21:28 --------- d-----w C:\Program Files\TryMedia 2007-10-16 00:33 --------- d-----w C:\Program Files\Steam 2007-10-16 00:33 --------- d-----w C:\Documents and Settings\Larry.LARCOMP\Application Data\Xfire 2007-10-16 00:13 --------- d-----w C:\Program Files\Virtools Web Player 3.5 2007-10-15 21:02 --------- d-----w C:\Program Files\DivX 2007-10-15 00:32 --------- d-----w C:\Program Files\World of Warcraft 2007-10-10 03:39 --------- d-----w C:\Documents and Settings\Larry.LARCOMP\Application Data\inter bait 2007-09-27 13:54 --------- d-----w C:\Program Files\UI Central 2007-09-17 04:24 --------- d-----w C:\Program Files\Winamp 2007-08-23 03:21 --------- d-----w C:\Documents and Settings\Larry.LARCOMP\Application Data\LimeWire 2005-02-07 06:17 26,520 -c--a-w C:\Documents and Settings\Lawrence\Application Data\GDIPFONTCACHEV1.DAT 2005-01-12 21:01 70,821 -c--a-w C:\Program Files\Kerrigan Armageddon.scx . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-16 02:18] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-10-16 02:05] "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 14:34] "PRONoMgr.exe"="c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 10:15] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2006-12-29 22:02] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] "NetMeter"="C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe" [] "AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 C:\WINDOWS\system32\atiptaxx.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 22:48] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 23:34] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-05-01 19:55] "Fraps"="C:\FRAPS\FRAPS.EXE" [2006-04-30 09:46] "Steam"="c:\program files\steam\steam.exe" [2007-07-09 00:21] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-12-04 18:28] C:\Documents and Settings\Larry\Start Menu\Programs\Startup\ OpenOffice.org 1.1.4.lnk - C:\Program Files\OpenOffice\program\quickstart.exe [2004-10-28 01:10:00] C:\Documents and Settings\Larry.LARCOMP\Start Menu\Programs\Startup\ OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 16:36:42] Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2006-12-15 23:14:25] C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-04-16 22:55:20] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisallowCpl"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"= C:\WINDOWS\system32\spool32.dll,wbsys.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli scecli R0 Copystar;Copystar;C:\WINDOWS\system32\DRIVERS\copystar.sys R1 nmconpid;nmconpid;C:\WINDOWS\system32\drivers\nmconpid.sys R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS S3 kbkzrqfni;kbkzrqfni;\??\C:\Documents and Settings\Larry.LARCOMP\Desktop\Yay\kbkzrqfni.sys S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command - F:\setup.exe /autorun directx\command - F:\DirectX\dxsetup.exe setup\command - F:\setup.exe . Contents of the 'Scheduled Tasks' folder "2007-10-09 12:39:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-10-15 07:16:00 C:\WINDOWS\Tasks\NotWhatYouSee.job" - C:\Music\Not What You See.wma . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-15 20:31:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2007-10-15 20:36:32 - machine was rebooted . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:39:11 PM, on 10/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AIM\aim.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\FRAPS\FRAPS.EXE C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Larry.LARCOMP\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Search - ?p=ZJ O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\spool32.dll,wbsys.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9241 bytes

10-15-2007, 07:25 PM	#5 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	Re: Lots of issues This machine was pretty messed up, and will take a while to clean. Before we go to the next step, I need more information. What is this folder for? C:\Documents and Settings\Larry.LARCOMP\Desktop\Yay Create an uninstall list: Open HiJackThis Click on the button " Open the Misc Tools section" Click on the Box that says "Open Uninstall Manager" Click on the button "Save list" Copy and past the List from the notepad file into your post Download fl.zip Extract the contents to a new folder on your Desktop. Within the folder, locate & double-click fl.bat. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009 Last edited by tetonbob; 10-15-2007 at 07:27 PM.

10-15-2007, 08:36 PM	#9 (permalink)
subzerolife Registered User Join Date: Oct 2007 Posts: 13 OS: Windows XP Pro Service Pack 2	Re: Lots of issues Is there a problem? I`m not sure what that means.

10-15-2007, 08:42 PM	#10 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	Re: Lots of issues Well, when I'm doing a malware removal on a fairly infected machine, and I find a driver (sys file) in an odd folder that can't be identified on Google or my databases, I ask questions. So, you said "some programs I use" What type of programs? Are there file properties associated with that file which indicate a company it's from? Do you recognize it? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-15-2007, 08:47 PM	#11 (permalink)
subzerolife Registered User Join Date: Oct 2007 Posts: 13 OS: Windows XP Pro Service Pack 2	Re: Lots of issues Ok, it looks like it goes to a program called Glider that I had originally downloaded to test it, but I since decided against it and just never got around to delete it (it goes against the ToS of a game I play) I don`t have any issue with getting rid of the whole mess if thats an option.

10-17-2007, 07:03 PM	#12 (permalink)
subzerolife Registered User Join Date: Oct 2007 Posts: 13 OS: Windows XP Pro Service Pack 2	Re: Lots of issues Hello?

10-17-2007, 07:38 PM	#13 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	Re: Lots of issues Sorry about that....I never saw your last reply. Thanks, that's just the information I was after. It should not affect the malware removal situation. I see you have Ewido anti-spyware 4.0 partially installed. Ewido has recently been purchased by Grisoft, makers of AVG Antivirus, and the program is now known as AVG Anti-Spyware. It is essentially the same program with a new paintjob; Ewido currently can still be updated to the newest definitions, but this support will likely not last forever. I recommend you uninstall Ewido 4.0, restart your system, then download and install AVG Anti-Spyware. Update it's definitions as directed below, and run a scan where I have it placed in this fix. Download AVG Anti Spyware Install AVG Anti Spyware Double-click the icon on Desktop to launch AVG On the main Status screen, under Your Computer's Security, click Resident Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Do Not Automatically generate report after every scan" When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly. --------------------------------------------------------------------------------------------- Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. --------------------------------------------------------------------------------------------- Uninstall from Control Panel > Add/Remove Programs: MediaTickets by OIN Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 Close HijackThis now. --------------------------------------------------------------------------------------------- Delete these folders if they exist: C:\Documents and Settings\All Users.WINDOWS\Application Data\nurb surf roam mfcd C:\Documents and Settings\Larry.LARCOMP\Application Data\inter bait Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important). Restart in normal mode. --------------------------------------------------------------------------------------------- Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version. After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and Applets Trace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. --------------------------------------------------------------------------------------------- Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- Please post logs from: AVG Anti-Spyware Kaspersky online scan HijackThis Edit: I will be away from my computer for the next several days. I'll try to look in from another machine while on the road if you have any questions. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009 Last edited by tetonbob; 10-17-2007 at 07:42 PM.

10-22-2007, 05:44 PM	#15 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	Re: Lots of issues P2P - I see you have P2P software ( Limewire, Steam, BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here and here. I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. --------------------------------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Viewpoint Manager<<<this is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546 Additional info: http://vil.nai.com/vil/content/v_137262.htm You may also want to uninstall Viewpoint Media Player --------------------------------------------------------------------------------------------- Open NOTEPAD.exe and copy/paste the text in the quotebox below into it: Code: @echo off if exist "%temp%\log.txt" del "%temp%\log.txt" for %%g in ( "C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Mirar1.zip" "C:\Documents and Settings\Larry.LARCOMP\Desktop\backups\backup-20071015-201202-819.dll" "C:\Documents and Settings\Lawrence\Local Settings\Application Data\bp12.exe" "C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll" ) do ( del /a/f %%g >nul 2>&1 if exist %%g echo.%%~g>>"%temp%\log.txt" ) for %%g in ( %systemdrive%\Deckard %systemdrive%\Qoobox ) do ( rd /s/q %%g >nul 2>&1 if exist %%g echo.%%~g>>"%temp%\log.txt" ) if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt" ) else echo.Deleted Successfully !! echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs wscript SR.vbs ( echo.REGEDIT4&echo. echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced] echo."hidden"=dword:00000002 echo."hidefileext"=dword:00000001 echo."showsuperhidden"=dword:00000000 )>rehide.reg regedit /s rehide.reg del rehide.reg SR.vbs nircmd wait 7000 del %0 Save this as fix.bat Choose to "Save type as - All Files" It should look like this: Double click on fix.bat & allow it to run Post back to tell me what it says. Also, have you intentionally installed the Nielsen//NetRatings software? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-23-2007, 11:36 PM	#16 (permalink)
subzerolife Registered User Join Date: Oct 2007 Posts: 13 OS: Windows XP Pro Service Pack 2	Re: Lots of issues I understand the dangers with P2P. I may have installed the net ratings, but I can`t remember, and its not something I use. Lastely, when I used the fix.bat, it said deleted successfully.

10-24-2007, 08:35 AM	#17 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	Re: Lots of issues Go to -> Run -> copy/paste in the following single line command & click OK combofix /u This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points. ------------------------------------------------------------------------------------------------------------------------------- Your logs appear clean.You should be good to go. We still have a few items to address. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already: SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here. MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. Once updated you should see another prompt that the task was completed. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out. See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial FIREWALL If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice: Do not install more than one firewall program because they will conflict with each other. Comodo Personal Firewall ZoneAlarm Here are some additional utilities that will further enhance your safety. http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness. http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine. http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster. In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-24-2007, 07:22 PM	#19 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,208 OS: 2000 Pro; XP Pro; XP Home	Re: Lots of issues That's odd. Can you change your desktop background? If so, change it to something else, apply, reboot, and change it back to your preferred background. Also have a look here: Go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything. Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK. Let me know. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

10-24-2007, 09:35 PM	#20 (permalink)
subzerolife Registered User Join Date: Oct 2007 Posts: 13 OS: Windows XP Pro Service Pack 2	Re: Lots of issues Wow, i`m an idiot :) that fixed it. Gonna run my scanners one last time to make sure we are good but everythings looking fine :) Thank you for all your assistance.