
Solve : Screensavers are trying to take over my pc?

Answer»

My boyfriend wanted a stupid fireplace screensaver because we have our pc connected to our tv. Well he downloaded something called 'Relevant Knowledge' that was attached to one of the downloads and I did some research and found out it's malware.

I have an eMachine T3418 and service pack 2.
I use Panda Cloud Antivirus but I just installed it after this problem.
I've had this pc for years and never had a problem but believe me I will always have some sort of protection now.

Some helpful things may be :

I tried going to Add/Remove Programs and uninstalling the program, obviously to no avail, and every time I turn on my computer I have an error dialog box that says:

c:\program files\relevantknowledge\rlls.dll uninstal.exe

it won't go away no matter how many times I press OK.

I tried moving the screensaver files he downloaded into the recycle bin and the empty recycle bin link disappears and when I manually right click to delete it says delete "WINDOWS" and then says it's invalid.

Lastly, every time I follow every step to download CCleaner, SAS, MBAM, I click run once installed and I get the hourglass for a second then nothing happens for each. I can't uninstall and reinstall because it errors and says in use. When I use HijackThis everything is successful until I open TRY and open the log and it just does the same thing... nothing. User error? Help please!

Thanks in advance.


Try running the antimalware programs in safe mode... you might have to rename them.

That's nasty malware and evilfantasy may have to open the magic toolbox to straighten things out.

SAS still would not work, saying because I was in safe mode and my installer couldn't be found or something, but...

HJT did and so did MBAM; results are here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:52 AM, on 8/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\relevantknowledge\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp147.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\SeekappSrch\seekappsrch.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\Freeze.com\Living Beaches Full\UNINSTAL.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\Cassaundra\Desktop\SUPERAntiSpyware.exe
C:\Documents and Settings\Cassaundra\Desktop\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Freeze.com\TROPIC~1\UNINSTAL.EXE
C:\Documents and Settings\Cassaundra\Desktop\SUPERAntiSpyware(2).exe
C:\Documents and Settings\Cassaundra\Desktop\mbam-setup.exe
C:\Documents and Settings\Cassaundra\Desktop\mbam-setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp147.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4684 bytes


_______________________________________ __________


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2 (Safe Mode)

8/22/2009 11:55:57 AM
mbam-log-2009-08-22 (11-55-45).txt

Scan type: Quick Scan
Objects scanned: 86000
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 13

Memory Processes Infected:
c:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> No action taken.

Memory Modules Infected:
c:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\relevantknowledge (Spyware.Marketscore) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\components (Spyware.Marketscore) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\install.rdf (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.Marketscore) -> No action taken.

After going into safe mode I figured it out myself.
Now I feel slow for making a big deal about it when it really was as easy as deleting a few files.

Thanks for your help otherwise though =)

Computer is back in action.

Just to be on the safe side you might want to go ahead and let one of the specialists have a look over things to make sure it is completely gone.

Yeah feel free, I feel skeptical myself but the pop ups are gone + error messages.
But if you guys think of anything else lmk and I'll try it out.

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

More information:

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology
----------

Download, update and run a-squared Free edition

At the main menu, click Scan Now, there will be 4 options, choose Deep Scan and then click Scan

* If malware is found, click the button Remove Selected Malware
* If malware is found, select all found and click Quarantine selected objects
* Click Save Report. Save the report to somewhere convenient, such as your desktop
* Add the report as an attachment in your next post.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

Here are the logs from each as requested.

a-squared Free - Version 4.5
Last update: 8/22/2009 4:33:11 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, H:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:8/22/2009 4:33:38 PM

c:\program files\bittorrent detected: Trace.Directory.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent detected: Trace.Directory.Bittorrent 5.0!A2
c:\program files\bittorrent\bittorrent.exe detected: Trace.File.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent\bittorrent.lnk detected: Trace.File.Bittorrent 5.0!A2
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S92N09AN\upgrade[1].cab/seekapp.dll detected: Gen.AdWare!IK
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S92N09AN\upgrade[1].cab/seekappsrch.exe detected: Gen.AdWare!IK
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHQR8LAR\upgrade[1].cab/seekapp.dll detected: Gen.AdWare!IK
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHQR8LAR\upgrade[1].cab/seekappsrch.exe detected: Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP18\A0001402.dll detected: Gen.Trojan!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP18\A0001404.dll detected: Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005109.dll detected: Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005110.dll detected: Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005113.dll detected: Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005115.exe detected: Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005148.dll detected: Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005149.exe detected: Adware.PremiumO!IK
C:\WINDOWS\Temp\SEE165.tmp\upgrade.exe/seekapp.dll detected: Gen.AdWare!IK
C:\WINDOWS\Temp\SEE51.tmp\upgrade.exe/seekapp.dll detected: Gen.AdWare!IK

Scanned

Files: 74292
Traces: 628846
Cookies: 1441
Processes: 25

Found

Files: 14
Traces: 4
Cookies: 102
Processes: 0
Registry keys: 0

Scan end:8/22/2009 5:15:03 PM
Scan time:0:41:25

C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005149.exe Quarantined Adware.PremiumO!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP18\A0001402.dll Quarantined Gen.Trojan!IK
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S92N09AN\upgrade[1].cab/seekapp.dll Quarantined Gen.AdWare!IK
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S92N09AN\upgrade[1].cab/seekappsrch.exe Quarantined Gen.AdWare!IK
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHQR8LAR\upgrade[1].cab/seekapp.dll Quarantined Gen.AdWare!IK
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SHQR8LAR\upgrade[1].cab/seekappsrch.exe Quarantined Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP18\A0001404.dll Quarantined Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005109.dll Quarantined Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005110.dll Quarantined Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005113.dll Quarantined Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005115.exe Quarantined Gen.AdWare!IK
C:\System Volume Information\_restore{37B38896-87A3-4D37-B41C-FC20135C5D04}\RP25\A0005148.dll Quarantined Gen.AdWare!IK
C:\WINDOWS\Temp\SEE165.tmp\upgrade.exe/seekapp.dll Quarantined Gen.AdWare!IK
C:\WINDOWS\Temp\SEE51.tmp\upgrade.exe/seekapp.dll Quarantined Gen.AdWare!IK
c:\program files\bittorrent\bittorrent.exe Quarantined Trace.File.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent\bittorrent.lnk Quarantined Trace.File.Bittorrent 5.0!A2
c:\program files\bittorrent Quarantined Trace.Directory.Bittorrent 5.0!A2
c:\documents and settings\all users\start menu\programs\bittorrent Quarantined Trace.Directory.Bittorrent 5.0!A2

Quarantined

Files: 14
Traces: 4
Cookies: 95

________________________________________________


DDS (Ver_09-07-30.01) - NTFSx86
Run by Cassaundra at 17:20:16.85 on Sat 08/22/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.478.64 [GMT -4:00]

AV: Panda Cloud Antivirus *On-access scanning enabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp147.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\SeekappSrch\seekappsrch.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cassaundra\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
StartupFolder: c:\docume~1\cassau~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cassau~1\applic~1\mozilla\firefox\profiles\23gmjj1q.default\
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-6-23 114056]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-8-22 1864824]
R2 NanoServiceMain;NanoServiceMain;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2009-4-23 95488]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-6-23 136072]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-6-4 92552]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-6-4 98184]
R2 SeekappSrch Service;SeekappSrch Service;c:\documents and settings\all users\application data\seekappsrch\seekapp147.exe [2009-8-14 54760]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-7-26 26488]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

=============== Created Last 30 ================

2009-08-22 16:44  --d-----  c:\docume~1\cassau~1\applic~1\BitTorrent
2009-08-22 16:25  --d-----  c:\program files\a-squared Free
2009-08-22 16:15  142  a-------  c:\windows\system32\spupdsvc.inf
2009-08-22 14:19  333,952  -c------  c:\windows\system32\dllcache\srv.sys
2009-08-22 14:18  455,296  -c------  c:\windows\system32\dllcache\mrxsmb.sys
2009-08-22 14:18  1,106,944  a-------  c:\windows\system32\SETA9.tmp
2009-08-22 14:18  1,106,944  -c------  c:\windows\system32\dllcache\msxml3.dll
2009-08-22 14:18  337,408  a-------  c:\windows\system32\SETA5.tmp
2009-08-22 14:18  337,408  -c------  c:\windows\system32\dllcache\netapi32.dll
2009-08-22 14:18  331,776  -c------  c:\windows\system32\dllcache\msadce.dll
2009-08-22 14:17  691,712  -c------  c:\windows\system32\dllcache\inetcomm.dll
2009-08-22 14:16  272,128  -c------  c:\windows\system32\dllcache\bthport.sys
2009-08-22 14:16  203,136  -c------  c:\windows\system32\dllcache\rmcast.sys
2009-08-22 13:14  --d-----  c:\windows\system32\scripting
2009-08-22 13:14  --d-----  c:\windows\l2schemas
2009-08-22 13:14  --d-----  c:\windows\system32\en
2009-08-22 13:14  --d-----  c:\windows\system32\bits
2009-08-22 13:12  --d-----  c:\windows\ServicePackFiles
2009-08-22 13:11  --d-----  c:\windows\network diagnostic
2009-08-22 13:02  129,045  --------  c:\windows\system32\drivers\cxthsfs2.cty
2009-08-22 12:49  --d-----  c:\windows\system32\PreInstall
2009-08-22 12:49  --d-h---  c:\windows\$hf_mig$
2009-08-22 12:47  --ds----  c:\documents and settings\cassaundra\UserData
2009-08-22 11:47  --d-----  c:\docume~1\cassau~1\applic~1\Malwarebytes
2009-08-22 11:47  --d-----  c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-22 10:28  --d-----  c:\program files\Trend Micro
2009-08-22 10:08  --d-----  c:\program files\common files\Wise Installation Wizard
2009-08-22 00:05  --d-----  c:\windows\system32\appmgmt
2009-08-21 10:09  --d-----  c:\docume~1\cassau~1\applic~1\Panda Security
2009-08-21 10:06  245  a-------  c:\windows\system32\PSUNCpl.dat
2009-08-21 10:06  --d-----  c:\program files\Panda Security
2009-08-21 10:06  --d-----  c:\docume~1\alluse~1\applic~1\Panda Security
2009-08-21 10:05  --d-----  c:\program files\BitTorrent
2009-08-14 19:11  --d-----  c:\program files\DivX
2009-08-14 19:11  --d-----  c:\program files\common files\DivX Shared
2009-08-10 11:11  --d-----  c:\program files\SeekappSrch
2009-08-10 11:11  --d-----  c:\docume~1\alluse~1\applic~1\SeekappSrch
2009-08-10 10:59  3,255  a-------  c:\windows\system32\wbem\Outlook_01ca19cb36d589a0.mof
2009-08-09 20:32  --d-----  c:\program files\IrfanView
2009-08-06 12:21  139,776  a-------  c:\windows\system32\CNMLM75.DLL
2009-08-06 12:21  8,704  a-------  c:\windows\system32\CNMVS75.DLL
2009-08-06 12:21  90,112  a-------  c:\windows\system32\CNMCP75.exe
2009-08-06 12:06  25,856  a-------  c:\windows\system32\drivers\usbprint.sys
2009-07-26 16:27  --d-----  c:\program files\Windows Media Connect 2
2009-07-26 16:26  --d-----  c:\windows\system32\LogFiles
2009-07-26 16:26  26,488  a-------  c:\windows\system32\spupdsvc.exe
2009-07-26 16:21  32,592  a-------  c:\windows\system32\msonpmon.dll
2009-07-26 16:17  --d-----  c:\program files\Microsoft Visual Studio 8
2009-07-26 16:16  --d-----  c:\windows\SHELLNEW
2009-07-26 16:09  --d-----  c:\windows\pss
2009-07-26 16:08  --d-----  c:\docume~1\alluse~1\applic~1\Viewpoint
2009-07-26 16:08  --d-----  c:\program files\common files\AOL
2009-07-26 16:08  382  a---h---  C:\IPH.PH
2009-07-26 16:03  --d-----  c:\program files\CONEXANT
2009-07-26 16:00  --d-----  c:\program files\Realtek Sound Manager
2009-07-26 16:00  --d-----  c:\program files\AvRack
2009-07-26 16:00  --d-----  c:\program files\Realtek AC97
2009-07-26 15:56  30,277  a-------  c:\windows\system32\nvapps.xml
2009-07-26 15:56  180,224  a-------  c:\windows\system32\nvudisp.exe
2009-07-26 15:56  15,078  a-------  c:\windows\system32\nvdisp.nvu
2009-07-26 15:56  --d-----  c:\windows\nview
2009-07-26 15:53  --d-----  c:\windows\system32\SoftwareDistribution
2009-07-26 15:51  176,128  a-------  c:\windows\system32\nvuide.exe
2009-07-26 15:51  1,537  a-------  c:\windows\system32\nvide.nvu
2009-07-26 15:51  176,128  a-------  c:\windows\system32\nvunrm.exe
2009-07-26 15:51  100,480  a-------  c:\windows\system32\drivers\nvtcp.sys
2009-07-26 15:51  3,632  a-------  c:\windows\system32\nvnrm.nvu
2009-07-26 15:51  176,128  a-------  c:\windows\system32\nvusmb.exe
2009-07-26 15:51  1,391  a-------  c:\windows\system32\nvsmb.nvu
2009-07-26 15:50  --d-----  c:\windows\system32\ReinstallBackups
2009-07-26 15:50  176,128  a-------  c:\windows\system32\NVUNINST.EXE

==================== Find3M ====================

2009-08-22 13:16  86,327  a-------  c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-15 21:46  21,640  a-------  c:\windows\system32\emptyregdb.dat

============= FINISH: 17:20:45.40 ===============




___________________________________________________


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2009 9:51:20 PM
System Uptime: 8/22/2009 1:50:23 PM (4 hours ago)

Motherboard: First International Computer, Inc. | | K8MC51G
Processor: AMD Sempron(tm) Processor 3400+ | Socket 754 | 2009/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 145 GiB total, 136.741 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is FIXED (FAT32) - 4 GiB total, 2.306 GiB free.
I: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/15/2009 9:55:21 PM - System Checkpoint
RP2: 6/15/2009 10:44:36 PM - Installed Adobe Reader 7.0
RP3: 6/17/2009 3:16:25 PM - System Checkpoint
RP4: 6/17/2009 3:22:25 PM - Installed Windows Installer KB893803v2.
RP5: 7/26/2009 4:00:02 PM - Installed Realtek AC'97 Audio
RP6: 7/26/2009 4:16:01 PM - Installed Microsoft Office Enterprise 2007
RP7: 7/26/2009 4:21:44 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP8: 7/26/2009 4:25:23 PM - Installed Windows Media Player 11
RP9: 7/26/2009 4:25:52 PM - Software Distribution Service 3.0
RP10: 8/5/2009 1:57:04 PM - System Checkpoint
RP11: 8/6/2009 12:21:51 PM - Printer Driver Canon iP1600 Installed
RP12: 8/7/2009 12:39:20 PM - System Checkpoint
RP13: 8/9/2009 6:30:33 PM - System Checkpoint
RP14: 8/9/2009 8:31:43 PM - Printer Driver Canon iP1600 Installed
RP15: 8/10/2009 11:03:05 AM - Installed walkway2paradisess
RP16: 8/11/2009 11:54:42 AM - System Checkpoint
RP17: 8/12/2009 12:54:46 PM - System Checkpoint
RP18: 8/13/2009 1:54:44 PM - System Checkpoint
RP19: 8/14/2009 4:19:26 PM - System Checkpoint
RP20: 8/15/2009 4:46:26 PM - System Checkpoint
RP21: 8/17/2009 4:41:59 PM - System Checkpoint
RP22: 8/20/2009 11:04:57 PM - System Checkpoint
RP23: 8/22/2009 12:05:31 AM - Removed walkway2paradisess
RP24: 8/22/2009 12:49:31 PM - Software Distribution Service 3.0
RP25: 8/22/2009 1:05:35 PM - Software Distribution Service 3.0
RP26: 8/22/2009 2:29:11 PM - Software Distribution Service 3.0

==== Installed Programs ======================

a-squared Free 4.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
BitTorrent
Canon iP1600
DivX Web Player
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IrfanView (remove only)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Mozilla Firefox (3.5.2)
MSXML 4.0
NVIDIA Drivers
Panda Cloud Antivirus
Realtek AC'97 Audio
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960225)
Seekapp 1.0 build 147
Soft Data Fax Modem with SmartCP
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Visual C++ 8.0 CRT (x86) WinSXS MSM
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

8/22/2009 11:57:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/22/2009 11:47:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/22/2009 11:46:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor PSINKNC RasAcd Rdbss Tcpip
8/22/2009 11:46:50 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2009 11:46:50 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2009 11:46:50 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2009 11:46:50 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2009 11:46:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/22/2009 11:46:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/22/2009 11:46:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/17/2009 2:25:02 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0040CA9200A0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


Thanks again! Let me know if you found anything else..

Go to Add or Remove Programs and uninstall:

Seekapp 1.0 build 147

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
SeekappSrch Service

DDS::
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Firefox::
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

Folder::
c:\docume~1\alluse~1\applic~1\Viewpoint
C:\Documents and Settings\All Users\Application Data\SeekappSrch
C:\Program Files\SeekappSrch
c:\program files\messenger
c:\program files\viewpoint

File::
c:\windows\system32\SETA9.tmp
c:\windows\system32\SETA5.tmp

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

ComboFix 09-08-22.06 - Cassaundra 08/22/2009 17:50.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.478.212 [GMT -4:00]
Running from: c:\documents and settings\Cassaundra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cassaundra\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

FILE ::
"c:\windows\system32\SETA5.tmp"
"c:\windows\system32\SETA9.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\applic~1\Viewpoint
c:\program files\messenger
c:\program files\messenger\custsat.dll
c:\program files\messenger\logowin.gif
c:\program files\messenger\lvback.gif
c:\program files\messenger\msgsc.dll
c:\program files\messenger\msgslang.dll
c:\program files\messenger\msmsgs.exe
c:\program files\messenger\newalert.wav
c:\program files\messenger\newemail.wav
c:\program files\messenger\online.wav
c:\program files\messenger\type.wav
c:\program files\messenger\xpmsgr.chm
c:\program files\SeekappSrch
c:\program files\SeekappSrch\SeekappSrch_deleted_\seekapp.dll
c:\program files\SeekappSrch\SeekappSrch_deleted_\seekappsrch.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA9.tmp
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-22 20:25 . 2009-08-22 21:36 -------- d-----w- c:\program files\a-squared Free
2009-08-22 18:19 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-08-22 18:18 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-22 18:18 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-08-22 18:18 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-08-22 18:18 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-08-22 18:17 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-22 18:16 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-22 18:16 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-08-22 17:14 . 2009-08-22 17:14 -------- d-----w- c:\windows\system32\scripting
2009-08-22 17:14 . 2009-08-22 17:14 -------- d-----w- c:\windows\l2schemas
2009-08-22 17:14 . 2009-08-22 17:14 -------- d-----w- c:\windows\system32\en
2009-08-22 17:14 . 2009-08-22 17:14 -------- d-----w- c:\windows\system32\bits
2009-08-22 17:12 . 2009-08-22 17:12 -------- d-----w- c:\windows\ServicePackFiles
2009-08-22 17:01 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-08-22 16:49 . 2009-08-22 18:31 -------- d--h--w- c:\windows\$hf_mig$
2009-08-22 16:47 . 2009-08-22 16:47 -------- d-s---w- c:\documents and settings\Cassaundra\UserData
2009-08-22 15:47 . 2009-08-22 15:47 -------- d-----w- c:\documents and settings\Cassaundra\Application Data\Malwarebytes
2009-08-22 15:47 . 2009-08-22 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-22 14:28 . 2009-08-22 14:28 -------- d-----w- c:\program files\Trend Micro
2009-08-22 14:08 . 2009-08-22 14:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-21 14:09 . 2009-08-21 14:09 -------- d-----w- c:\documents and settings\Cassaundra\Application Data\Panda Security
2009-08-21 14:06 . 2009-08-21 14:06 245 ----a-w- c:\windows\system32\PSUNCpl.dat
2009-08-21 14:06 . 2009-08-21 14:06 -------- d-----w- c:\program files\Panda Security
2009-08-21 14:06 . 2009-08-21 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-08-14 23:11 . 2009-08-14 23:11 -------- d-----w- c:\program files\DivX
2009-08-14 23:11 . 2009-08-14 23:11 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-12 02:39 . 2004-08-04 06:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-10 00:32 . 2009-08-10 00:32 -------- d-----w- c:\program files\IrfanView
2009-08-06 16:23 . 2006-07-11 09:00 90624 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMlr75.dll
2009-08-06 16:23 . 2006-07-11 09:00 69632 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMsr75.dll
2009-08-06 16:23 . 2006-07-11 09:00 54272 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMlr75.dll
2009-08-06 16:23 . 2006-07-11 09:00 40448 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMsr75.dll
2009-08-06 16:23 . 2006-07-11 09:00 254464 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMur75.dll
2009-08-06 16:23 . 2006-07-11 09:00 192512 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMur75.dll
2009-08-06 16:06 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-26 20:27 . 2009-07-26 20:27 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-26 20:26 . 2009-07-26 20:26 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-26 20:26 . 2009-07-26 20:26 -------- d-----w- c:\windows\system32\LogFiles
2009-07-26 20:26 . 2007-08-11 00:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-26 20:21 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-07-26 20:20 . 2009-07-26 20:20 -------- d-----w- c:\program files\Microsoft Works
2009-07-26 20:20 . 2009-07-26 20:20 -------- d-----w- c:\program files\MSBuild
2009-07-26 20:19 . 2009-07-26 20:19 -------- d-----w- c:\program files\Microsoft.NET
2009-07-26 20:17 . 2009-07-26 20:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-26 20:16 . 2009-07-26 20:20 -------- d-----w- c:\windows\SHELLNEW
2009-07-26 20:16 . 2009-07-26 20:16 -------- d-----w- c:\documents and settings\Cassaundra\Local Settings\Application Data\Microsoft Help
2009-07-26 20:16 . 2009-07-26 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-26 20:16 . 2009-07-26 20:16 -------- d--h--r- C:\MSOCache
2009-07-26 20:08 . 2009-07-26 20:08 -------- d-----w- c:\documents and settings\Cassaundra\Local Settings\Application Data\AOL
2009-07-26 20:08 . 2009-07-26 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-07-26 20:08 . 2009-07-26 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-07-26 20:08 . 2009-08-22 17:23 -------- d-----w- c:\program files\Common Files\AOL
2009-07-26 20:06 . 2009-07-26 20:06 0 ----a-w- c:\windows\nsreg.dat
2009-07-26 20:06 . 2009-07-26 20:06 -------- d-----w- c:\documents and settings\Cassaundra\Local Settings\Application Data\Mozilla
2009-07-26 20:03 . 2009-07-26 20:03 -------- d-----w- c:\program files\CONEXANT
2009-07-26 19:56 . 2009-07-26 20:04 -------- d-----w- c:\windows\nview
2009-07-26 19:56 . 2005-09-18 15:32 180224 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-26 19:51 . 2005-09-09 20:51 176128 ----a-w- c:\windows\system32\nvuide.exe
2009-07-26 19:51 . 2005-09-09 20:51 176128 ----a-w- c:\windows\system32\nvunrm.exe
2009-07-26 19:51 . 2005-07-30 02:10 100480 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2009-07-26 19:51 . 2005-09-09 22:51 176128 ----a-w- c:\windows\system32\nvusmb.exe
2009-07-26 19:50 . 2005-09-09 20:51 176128 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-26 19:50 . 2009-07-26 19:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-26 19:47 . 2006-05-24 01:04 110592 ----a-w- c:\documents and settings\Cassaundra\Application Data\U3\temp\cleanup.exe
2009-07-26 19:46 . 2009-07-26 19:49 -------- d-----w- c:\documents and settings\Cassaundra\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 17:16 . 2009-06-16 01:48 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-06 16:21 . 2009-08-06 16:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-07-26 20:00 . 2009-07-26 20:00 -------- d-----w- c:\program files\Realtek Sound Manager
2009-07-26 20:00 . 2009-07-26 20:00 -------- d-----w- c:\program files\AvRack
2009-07-26 20:00 . 2009-07-26 20:00 -------- d-----w- c:\program files\Realtek AC97
2009-07-26 20:00 . 2009-07-26 20:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 14:04 . 2009-06-23 14:04 136072 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2009-06-23 14:04 . 2009-06-23 14:04 114056 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2009-06-16 01:55 . 2009-06-16 01:55 12328 ----a-w- c:\documents and settings\Cassaundra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 01:46 . 2009-06-16 01:46 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-04 20:16 . 2009-06-04 20:16 98184 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2009-06-04 20:16 . 2009-06-04 20:16 92552 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{E309578C-8EDE-4731-99FA-6810B408B1BC}"
[HKEY_CLASSES_ROOT\CLSID\{E309578C-8EDE-4731-99FA-6810B408B1BC}]
2009-06-18 21:51 283904 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{1D0B2E83-D473-4E1F-B213-AA7BC759DE20}"
[HKEY_CLASSES_ROOT\CLSID\{1D0B2E83-D473-4E1F-B213-AA7BC759DE20}]
2009-06-18 21:51 283904 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{B26DA910-F1DE-426A-8282-5B55958E11B6}"
[HKEY_CLASSES_ROOT\CLSID\{B26DA910-F1DE-426A-8282-5B55958E11B6}]
2009-06-18 21:51 283904 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-06-04 353536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-12-15 577536]

c:\documents and settings\Cassaundra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [6/23/2009 10:04 AM 114056]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/23/2009 8:14 PM 95488]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [6/23/2009 10:04 AM 136072]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [6/4/2009 4:16 PM 92552]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [6/4/2009 4:16 PM 98184]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Cassaundra\Application Data\Mozilla\Firefox\Profiles\23gmjj1q.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3004)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-22 17:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 21:58

Pre-Run: 146,827,730,944 bytes free
Post-Run: 147,095,777,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=1CVMII /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=1CVMII-BAK

253

Looks a lot better. Is the computer running OK now?

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

The above procedure will:

* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.


