
3601.

Solve : Mal_Otorun1 virus infecting my computer?

Answer»

Mal_Otorun1 virus infecting my computer. Someone help me resolve this infection. It is already infecting all my programs including AVG antivirus, Malwarebytes, Superantispyware, hijackthis, combofix. All programs do not run anymore. A suspicious folder named "classified" is already installed in most of the files and folders. Please, someone guide me to resolve this.

NOTE: I can't post logs cause the virus already affected all programs. I'm running on Windows XP Home Edition SP3.

Have you attempted to run your antivirus programs in safe mode? You're already a step ahead if they're on your PC already.

3602.

Solve : evilfantasy:hope you get these 3 logs?

Answer»

evilfantasy,
I am really trying to send these. I tried sending all 3 logs through an e-mail, but they wouldn't attach to an e-mail either. Anyway, it looks like you might get the "HIGHJACK This-sniper exe file" see below, and I am not sure if the other two files will give you what you need. However, the SAS full scan found only 2 Adware tracking cookies which were then quarantined:

C:\Documents and settings\BobWallace\cookies\[emailprotected][1].txt

C:\Documents and settings\BobWallace\cookies\[emailprotected]2.207[1].txt

MBAM quick scan found nothing.

Also, I mentioned this previously. At start up 2 messages flash by quickly just before Windows starts.

invalid boot.INI file

booting from:C:\windows

Hope this helps and you have the info. you need to solve this.

Thanks,
beachguy

3603.

Solve : help virus?

Answer»

I don't know what's going on. Yesterday my virus scan expired and then my computer started shutting down on its own. I tried everything and did a reboot, but now it won't run the new virus scan I got; it keeps saying internal error, and when I go to the online scans it gives me an error on the page. I can go to any other page but virus scanners. Please help, thanks.

What are you using for an AV software?

3604.

Solve : What to do about a rootkit??

Answer»

Quote from: MBAM scan

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\System32\MSIVXqpdsyqpyvjbbbrlqyhibcrgsfkcddiiv.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\System32\MSIVXqpdsyqpyvjbbbrlqyhibcrgsfkcddiiv.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Delete on reboot.

These 3 infections will not go away, not with MBAM or SuperAntiSpyware. Twice I attempted to install HijackThis, but both times (once in safe mode) my computer crashed immediately after hitting "run" (which was unusual and obviously related to the program installation).

So at this point I have 3 options:

1. Find a way to remove the rootkit completely
2. Backup all my files and format my disk, reinstalling Windows Vista, then Windows 7 RC, and upgrade to W7 full next month.
3. Partition my computer. I'm not quite sure if this is possible, but I would partition the infected OS and install Windows 7 or 7 RC on the other partition. This would only be viable if I could access all the files I have now in the new partition.

Option 2 seems like the best bet, because it ensures the complete removal of the rootkit and any backdoors, and I can just backup the stuff I really want and format the disk with all the excess crap I don't want (lots and lots of crap).

Any advice, suggestions, or solutions?

I'm the first to admit it, I'm not a virus guy.

Go here and follow the directions, a specialist will be with you.

Well I did follow the directions until HijackThis, which gave me problems like I said.

Sorry man, I'm not a virus guy. I work really hard to keep it that way.

A specialist will be with you though.

haha it's no problem, glad someone is posting in my thread at least.

I just don't want you to think that we're ignoring you. Yeah, that's it...

Honestly I already plan on just wiping my HD. At this point I'm just looking for my external drive and thinking about purchasing a new one. My computer has 2 years worth of crappy space consuming junk on it and I think it's a good idea.

If your stuff is already backed up and you won't be copying the virus over, I don't see a reason not to.

Just remember to FDISK as well.

3605.

Solve : am i already safe from this virus..?

Answer»

One time, when I was surfing the internet, a window prompted me that I have viruses on my PC that need to be repaired and it asked me to download the "Personal antivirus". I accidentally downloaded it and I learned that this "personal antivirus" is the virus itself. I cannot remove it from my PC. Now I tried to do the PC recovery on my Compaq computer. I'm using Windows XP. I hit the F10 button to start up, then I did the PC recovery that can uninstall all saved and installed programs on my computer. Now I am using the computer like new; I re-installed the internet, printer, office, etc. I did not see the Personal Antivirus anymore. Am I already safe from that virus? Was the PC recovery I did effective? Or do you think the virus is still there? I'm scared now.
My second question is:
While I'm using my computer, it suddenly turned off and on, then
a window prompted me and said this:
"VPU recover has reset your graphics accelerated as it was no longer responding to graphics driver command"
send error report
>>What does it mean? Is this related to the virus that I encountered before?

yhuna42, yes you are now safe from that particular virus... once you have reinstalled your computer like you have done there are no files on your computer that are affected by any virus whatsoever, so you can be safe in the knowledge that your computer is now clean and is now virus free.

If you want to make absolutely certain, then go here, follow the instructions. A specialist will look at the results.

I will also recommend getting a good anti-virus package, if you don't already have one.

I prefer Avast. Use the Home edition, it requires activation, but that is free.

3606.

Solve : Trying to follow instructions here, but things are different?????

Answer»
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide SYSTEM/Hidden files, if required.
  • Set a new, clean Restore Point.

    ----------

    Use the ESET Online Antivirus Scanner

    This scanner requires Internet Explorer

    1. Check the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the activex control to install
    4. Click Start
    5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
    6. Click Scan
    7. Wait for the scan to finish
    8. Use NOTEPAD to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

    Download ATF Cleaner by Atribune to your Desktop.

    Alternate download link

    Note: Vista users must use Run As Administrator
    • Under Main: Select Files to Delete choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note that your system will run slower for a reboot or two after having used this tool so don't panic.

    ----------

    Download OTCleanIt.exe and save it to your Desktop.
    • Double-click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes, if not delete it yourself.
    Important: Restart the computer before continuing.

    ----------

    How is the computer running now?
    It seems to be okay now, but it never lasts! As always, I can't thank you enough. You guys here are really something. If you don't accept donations, you should start, because to contact Dell, HP, Microsoft, etc...most people, I believe those without warranty coverage have to pay to get help, and it is NOT cheap, and most of the time, for me, it's hard because the techs are all overseas, English is like their 8th language, etc...(I'm not being racist either, just stating that I have trouble explaining what I need help with!) I've always had the techs here reply really quickly, and my problems have always either been solved completely or I've gotten a thorough explanation as to what's going on. I'd love to be able to give back somehow to this site, so if there's any way that's possible, please let me know!!
    THANK YOU SO MUCH FOR EVERYTHING!! HAVE A GREAT EVENING!

    ----------

    Quote
    How is the computer running now?

    Honestly, still like crap? Just totally froze up when I was on ebay. Still seems to be slower than it should be, not like it was the last couple of days, but still not great, and the freezing up is still definitely there.

    Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

    • Open the folder and run Dial-a-fix.exe
    • 2 windows will open. Close the one in the background labeled Restrictive Policies
    • Check the box in section 1, Empty temp folders.
    • Check the box in section 2, Fix Windows Installer.
    • Check the box in section 3, Fix Windows Update.
    • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
    • Check all boxes in section 5, labeled Registration Center.
    • Click Go
    • OK any error messages if received, but write them down and post them here.
    • Restart the computer when done.

    How is it now?

    Okay, I did that step too. Nothing came up when the process was complete, no error messages or anything, but I did save the log just in case. It seems like I'm only having trouble on ebay, it is very slow there, and locks up almost immediately when I get on that site. I haven't been on the computer all day until now, and the MINUTE I got on ebay tonight it was slow. Everywhere else seems fine. I think this thing is possessed. I'm not sure if this matters much, or what it means, but the last week or so I keep getting a pop up window and a little yellow triangle on my toolbar that says my virtual memory minimum is too low. It says something about updating it, but it keeps happening, could this be part of my problem?

    How much RAM do you have in the computer?

    I just put in 1G, and had 576 before that. Here is what it says under my system information:

    Total Physical Memory: 1,536.00 MB
    Available Physical Memory: 542.48 MB

    Total Virtual Memory: 2.0 GB
    Available Virtual Memory: 1.73 GB

    It is back to running like crap everywhere again.

    This scanner works with Internet Explorer only!

    Scan with the BitDefender Online Scanner
    Click I Agree to the license and then install the ActiveX control.
    Please DO NOT change the Scanning Options.
    That will make your logs huge and we don't need to see clean files.

    Select Start Scan to begin.
    This scan can take a while so please be patient and let it complete.

    Once BitDefender completes the scan:
    Click-on the Detected Problems tab.
    Then select Click here to export the scan report



    This will save a file named bdscan.html I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)

    You will have to upload the file online. The forums will not accept HTML.

    Go to File Dropper

    Click Upload
    Locate the file and double click it.
    Copy the download link and post it back here.

    Here is the link for the bitdefender file.

    <img src=http://www.filedropper.com/download_button.png width=127 height=145 border=0/>
    FileDropper Free File Hosting[/url]

    http://www.filedropper.com/bitdefender

    Or this one, I don't know which one I'm supposed to pick. The one in the last post is the one it said to choose for forums, etc...so I thought that would be it, but when I click on it, there's nothing there but that filedropper web page??

    That didn't find much. What problems are you still having?

    It's just running really slow still, and freezing up. Mainly still on ebay, but I think overall my internet should be faster. On ebay it takes forever to go from one page to another, and it freezes up a lot still. If I had some way of timing it, I would so I could give you an idea of just how slow it is. I truly think there is still something wrong somewhere, either that or I am paying way too much for the worst DSL service imaginable. But my aunt has the same isp and hers is much faster than mine.

    3607.

    Solve : PC became continually unresponsive while downloading SAS Update?

    Answer»

    My PC was running okay, just a bit slow, so I followed the steps given in the "Read this before requesting malware removal help" thread to clean up a bit and have the logs checked. I got as far as downloading the update to the SASpyware and my PC froze. I had to kill power to shut it down. When I restarted, I froze in different spots during start-up several times. Twice in the BIOS settings screen, 4-5 times in the Windows welcome screen and a few times after windows was loaded. I finally got it running via disconnecting my 2nd hard drive. It seems to be doing fine now but I suppose that other hard drive is trashed. It's clicking louder than normal while processing data.
    Hopefully it will keep doing fine but I wanted to post my logs just to check. Thanks for any help.

    Computer = emachines 667ix, celeron, 256mb RAM, XP SP2, 80GB WD PATA (previously also Seagate 10mb PATA, AVG 8.5 free,

    SAS log:

    SUPERANTISPYWARE Scan Log
    http://www.superantispyware.com

    Generated 07/31/2009 at 02:47 AM

    Application Version : 4.27.1000

    Core Rules Database Version : 4030
    Trace Rules Database Version: 1970

    Scan type : Complete Scan
    Total Scan Time : 01:07:48

    Memory items scanned : 361
    Memory threats detected : 0
    Registry items scanned : 3660
    Registry threats detected : 0
    File items scanned : 16540
    File threats detected : 0
    --------------------------

    MBAM log:

    Malwarebytes' Anti-Malware 1.39
    Database version: 2534
    Windows 5.1.2600 Service Pack 2

    7/31/2009 3:38:08 AM
    mbam-log-2009-07-31 (03-37-56).txt

    Scan type: Quick Scan
    Objects scanned: 83854
    Time elapsed: 11 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\mike1\favorites\Free Porn Videos & *censored* Movies- Sex Videos, *censored*, Porn Tube, XXX and *censored* Porn..url (Rogue.LINK) -> No action taken.
    --------------------------------

    HJT log:



    3608.

    Solve : Virus removal = internet issues?

    Answer»

    I had a virus in my system32 directory in the lsp.dll file. It took some doing but I finally got rid of the virus and in doing so had to delete the file. Now I can not access the internet. The internet is connected, but my browser says it can't find any of the websites I enter, including my usual homepage. I can't receive e-mails either.
    Did the removal of the lsp.dll file cause this or is it the lingering effects of the virus itself? Also, any ideas on how to restore this file and try to get the internet working again?

    Thanks.

    The removal of the layered winsock file causes the lack of connectivity.

    Click start then run, type sfc /scannow then press enter, you need the XP CD and you'll get a blue progress bar, when the bar goes, reboot. Note the space between sfc and the slash....

    Thanks.

    I actually got everything going last night.

    When I originally turned on the computer, not only could I not get my browser to open, I realized my actual connection was bad. Also, I had no IP address. After checking the modem, calling Comcast, etc. I determined it was still damage left over from my virus.

    I ran an ACE utility to clean up my registry, delete old temp files, etc.
    Reboot and nothing.
    I had downloaded the specific lsp.dll file from a safe source to a cd and then added this file back to my WINDOWS/system32 location.
    Reboot and nothing
    I then ran another utility, RegCure, and when doing so received a message that a file was missing/damaged. Sorry to all, but I didn't write down the name of the file. I typed this file name into the Help menu, used a Wizard that Windows provided to fix this file.
    Reboot and I had my internet connection back AND my browser and e-mail worked.
    Did another virus scan and was all clear.

    I will not pretend I knew all that I was doing, however I think the RegCure helped identify the last file that wasn't working correctly and my computer was able to repair it. I had read somewhere that some of this is trial and error and I agree.
    I know it may not be much help to anyone, but I thought I would share what I did.
    Super .... good going!

    I know you're swearing by Regcure right now but that program can cause a lot more problems than it fixes. No program should be permitted into your registry....thanks for getting back to us..

    Quote from: Karnac on July 31, 2009, 08:19:01 AM

    Super .... good going!

    I know you're swearing by Regcure right now but that program can cause a lot more problems than it fixes. No program should be permitted into your registry....thanks for getting back to us..

    Karnac is 100% right. Registry cure software usually causes more problems than they will ever cure.

    3609.

    Solve : Spyware problem help!?

    Answer»

    I turned on my computer around 30 minutes ago, and randomly my desktop wallpaper was a message saying something about me having spyware. Then a random program, which I have never installed in my life, pops up: Systemsecurity, and tells me there's 38 new viruses and the only way I can get rid of them is to purchase systemsecurity.

    Now I know systemsecurity is a fake anti virus program and is a spyware itself, so how do I delete it? I can't seem to run any .exe programs, nor can I open task manager. I've also done the thing where I download a microsoft program that acts like task manager : proxp or something

    but systemsecurity won't let me open that either

    So what do I do? I've found the systemsecurity folder (from right clicking the short cut and finding its path) deleted it but the problem still occurs.

    Download and run


    Malwarebytes
    SAS

    3610.

    Solve : Webserver Infected, and hijacked (PHP, Joomla)?

    Answer»

    Webserver has been hijacked, looking into resolving. Any thoughts on what did this to my precious site?

    3611.

    Solve : what is login.yahoo.com config reset_cookies_token?

    Answer»

    I get this message when I try to load my mail from yahoo messenger, I can't load anything from my aim either.....I don't know how to fix this....any help would be great...Thanks

    Try downloading yahoo messenger again....you may be missing a necessary file ...a reinstall will fix it.

    http://messenger.yahoo.com/download

    3612.

    Solve : Spyware remover?

    Answer»

    Is anyone familiar with the spyware remover "Evonsoft Computer Repair"? It is a free download from cnet.com. Is it a legitimate software? Does it work? Is it compatible with Norton? Any help would be appreciated. My local computer geek shop has never heard of it!

    That is an unsafe program....avoid any program that claims to clean or fix your registry. Try CCleaner

    http://www.ccleaner.com/

    It has a registry fix as well, but the program's benefits outweigh the risks........just avoid the registry.

    3613.

    Solve : Norton Antivirus emptied?

    Answer»

    My Norton Antivirus file is a white screen. So I bought Zonelab Antivirals and spyware and uninstalled Symantec/Norton, BUT, at start up, Zone says Norton still there and I must override to get Zonelab running. How do I get Norton out of my register? Zonelab says it is Malware and won't open (Thank heaven). But how do I get rid of this thing? I am running Windows Vista, Control panel shows no Norton but the blank file is still on my right click. Any suggestions for a very beginner?

    You must use a removal tool found here.

    3614.

    Solve : Trouble extracting CleanWipe to remove Symantec, Could it be the trial WinRAR??

    Answer»

    I have tried to remove Symantec Antivirus (Corporate Edition of Norton) from my computer without success. After contacting Symantec they sent me a CleanWipe program that I downloaded.

    Once I tried to extract the CleanWipe files on WinRAR it says there are no files to extract and that the password is wrong. Is it possible that the fact that WinRAR is a trial version that may be expired is causing the problem? How would I safely find a good version of WinRAR without having to pay for it if this is the problem?

    Has anyone else encountered this same problem? Any suggestions, help or insight is welcomed

    THANK YOU!
    E

    Try the 7 Zip software. It is free, and it works very well; I use it a lot. 7 zip is open source software and it can handle the extracting of various file types including RAR files and ZIP files.

    No trial here, so there should be no expiration issue if that were the case, and are you sure you have the correct password for the rar file? Try manually typing in the password instead of cutting and pasting if that's what you were doing.

    Thank you so much for your response.

    Is there a safe way to remove WinRAR without leaving any traces and so my computer does not try to use it anymore? Can you suggest a safe website to download that software at?

    I did try typing in instead of copy and paste but had no success. The password was sent to me in an email from Symantec so I hope it is right.
    Thank you again

    Somebody here has uploaded the Cleanwipe software. It's a version that was last updated in 2007 ... I think it might be an older version than what Symantec recently sent you.

    But it might just do as well, and no password required and it extracts fine, I've tested.

    So how do I remove WinRAR?

    Quote from: HopeAngel on August 05, 2009, 03:39:30 PM

    So how do I remove WinRAR?
    Add/Remove programs.

    I've never had any problems with WinRAR.

    http://ccollomb.free.fr/unlocker/

    The above will remove anything from your PC, download and read before using, it's easy.
    3615.

    Solve : TROJAN IN MY ITUNES..?

    Answer»

    Thanx a lot for trying at least.....i appreciate it bro'
    3616.

    Solve : Epic Freeze Of Death - Safe Mode Not Working - Malware/Virus??

    Answer»

    It will be worth it

    I find it odd that my computer hasn't frozen yet. True, I haven't clicked anything except the tabs within the Task Manager, but I find it kinda interesting....

    Well, I take that back, the task bar is frozen..... I just noticed the time hasn't changed since an hour and fifteen minutes ago, lol.

    I'm fairly sure Evil_fantasy will come along soon and sort this all out.... I haven't shut down the computer since before I posted all that stuff using memory. Task manager is still up and running. I have another window (AIM - but it's not logged in) just chilling on the desktop. I can switch between the windows with no problem and I can click buttons and move the windows. And, up until a minute ago, I could click on folders I have on the desktop and open them. That has frozen now. The task bar has remained frozen the entire time. It's strange.

    If I can't get this computer running in the next few days, I'm going to have to wipe out EVERYTHING and hope it works. I need to type up and print a paper which I don't have much longer to do. I already had about a page done, which would be sad to lose, but I can't spend forever trying to recover it.

    I still don't know if there is anything I should stop from the task manager window things....?

    Alright guys, I recovered my system. Just letting you all know that it worked. So now I have a working computer! Yay!

    Quote from: angel_below on August 04, 2009, 09:06:31 PM

    Alright guys, I recovered my system. Just letting you all know that it worked. So now I have a working computer! Yay!

    Great news! Thank you so much for all your help!
    3617.

    Solve : Help! My computer won't stop shutting down!?

    Answer»

    I'm really frustrated and panicked because every time I log into my computer, it automatically shuts down and I have no control over it. It won't let me log into safe mode either. I'm pretty sure I have a virus problem because I had seen fake anti-viral pop-ups before it started dying. I can't run an anti-virus scan because it only lasts about 5 seconds before shutting down. My computer simply shuts down, it isn't sudden, it seems like I shut it down but I didn't. I don't think it's an overheating problem because if I don't log in, it can go for hours and usually if it overheats it shuts down suddenly.

    Can anyone help me?

    Have you moved or bumped the case leading up to this problem?.....Open the case and visually check that the fans are clean and working when you turn on the power. Is the heat sink on the processor firmly and evenly seated on the motherboard? Unplug your PC from the wall before entering the case......Touch the metal case to dissipate static before you touch any component....Try removing and reseating your RAM....Shutdowns are usually caused by heat issues, power issues or malware issues. Are you getting a beep at post?

    Could you also post your computer's specs........age etc.

    I run a Dell Windows XP. I don't know exactly how old it is because it belonged to someone else before me. I've had it for 4 years.

    Quote from: Karnac on August 02, 2009, 06:46:46 AM

    Have you moved or bumped the case leading up to this problem?
    Is the heat sink on the processor firmly and evenly seated on the motherboard?
    Are you getting a beep at post?

    I've bumped the computer many times leading up to this and I've never had a problem. I'm in the process of cleaning it to see if that helps. I let it rest the entire night to let it cool down, but when I restarted it, it shut down on me again. Also, it doesn't simply shut it down, it restarts it. I've also noticed that my on-access antivirus program has been disabled when I have never disabled it.

    If you're running over 4+ years with the same power supply there's a possibility that could be the problem......can you borrow one and swap it in and then at least we can eliminate it as a cause....It's possible there's a malware related issue as well but you have to be able to stay on long enough to run a couple of scans.
    3618.

    Solve : I need a program that will recover my microsoft word password-protected fil?

    Answer»

    :'( I have lost the password of some very important documents. They are Microsoft Word 2003 password-protected files. Is there any program that can solve my problem? Thank you..

    This isn't a malware issue.
    And yes, there are probably thousands of such programs.... Google is your friend.

    We can't give any more information than that. We don't know the drive actually belongs to you. I'm sorry, but that's our take on security.

    3619.

    Solve : peace of mind?

    Answer»

    I accept it is a personal point of view regarding choice of registry cleaner
    With so many on the market to choose one is a nightmare
    I have selected Malwarebytes
    Help to confirm it's the right one or not
    Joss C

    MalwareBytes is not a registry cleaner.......MalwareBytes is an excellent choice of antimalware software ......If you use the free edition you must update and run it manually each week.....You can complement Malwarebytes with the use of Superantispyware.....Make sure you run one antivirus program, with realtime protection in addition to the malware programs....Be sure to run a firewall as well.
    Avoid registry cleaners,....... Disk cleanup and defragging when necessary is all you need to do.

    Thanks once again Karnac

    Joss C

    I agree with karnac 100%, do not EVER run a registry cleaner/optimizer, they cause more problems in the long run than they fix.

    3620.

    Solve : Log Files Help?

    Answer»

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:47:33 AM, on 8/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\PS2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228690169500
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228690002656
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c99961ef870310) (gupdate1c99961ef870310) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    --
    End of file - 9859 bytes

    Malwarebytes' Anti-Malware 1.40
    Database version: 2574
    Windows 5.1.2600 Service Pack 3

    8/7/2009 10:10:56 AM
    mbam-log-2009-08-07 (10-10-56).txt

    Scan type: Quick Scan
    Objects scanned: 120314
    Time elapsed: 20 minute(s), 57 second(s)

    Memory Processes Infected: 6
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 12
    Registry Data Items Infected: 2
    Folders Infected: 8
    Files Infected: 16

    Memory Processes Infected:
    C:\winnt_\winnt2.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\winnt_\winnt3.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\winnt_\winnt4.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\winnt_\winnt5.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\winnt_\winntR1.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\winnt_\winntR2.exe (Trojan.Downloader) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winnt2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winnt3 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winnt4 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winnt5 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winntr1 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winntr2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.75.0 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\[emailprotected] (Adware.Zango) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\twain_32 (Spyware.Zbot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\twain_32 (Spyware.Zbot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\register.dat (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner\zbucks.dat (Adware.MyWay) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds (Spyware.Zbot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds (Spyware.Zbot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
    C:\winnt_\winnt2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\winnt_\winnt3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\winnt_\winnt4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\winnt_\winnt5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\winnt_\winntR1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\winnt_\winntR2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    Run http://www.superantispyware.com/download.html and post the log. Also rerun mbam again and see if the log is clean, and post it.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/07/2009 at 03:18 PM

    Application Version : 4.27.1002

    Core Rules Database Version : 4043
    Trace Rules Database Version: 1983

    Scan type : Quick Scan
    Total Scan Time : 00:25:48

    Memory items scanned : 522
    Memory threats detected : 0
    Registry items scanned : 468
    Registry threats detected : 0
    File items scanned : 11461
    File threats detected : 5

    Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Owner\Cookies\[emailprotected][1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\[emailprotected][2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\[emailprotected][2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\[emailprotected][1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\[emailprotected][1].txt

    Malwarebytes' Anti-Malware 1.40
    Database version: 2574
    Windows 5.1.2600 Service Pack 3

    8/7/2009 3:52:13 PM
    mbam-log-2009-08-07 (15-52-13).txt

    Scan type: Quick Scan
    Objects scanned: 119877
    Time elapsed: 15 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Thank You

    http://www.filehippo.com/download_ccleaner/


    Download and run every week, take out whatever it brings up.

    An expert will be along to read your logs, that's all I can help you with at the moment.
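
    An added example, not part of the thread and not Malwarebytes code: one way to check whether a posted Malwarebytes' Anti-Malware 1.40 log is "clean", assuming the log layout shown in the posts above. The function names and both sample logs (paths and the `*.Example` family names) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.40 log layout;
# the paths and the *.Example family names are made up for illustration.
SAMPLE_FIRST = r"""Malwarebytes' Anti-Malware 1.40
Database version: 2574

Scan type: Quick Scan

Memory Processes Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Files Infected: 2

Memory Processes Infected:
C:\example_\loader1.exe (Trojan.Downloader) -> Unloaded process successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\loader1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\exampleapp (Rogue.Example) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\example_\loader1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\toolbar.dll (Adware.Example) -> No action taken.
"""

# Constructed rescan log: every counter is zero and nothing is itemized.
SAMPLE_RESCAN = r"""Malwarebytes' Anti-Malware 1.40
Scan type: Quick Scan

Memory Processes Infected: 0
Registry Values Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<Family.Name>) -> <action>"; the item itself may contain "(x86)".
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Split a log into its summary counters and its itemized detections."""
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({
                "section": section,
                "item": m["item"],
                "family": m["family"],
                # Data-item lines carry "Bad: .. Good: .." first; keep the final action.
                "action": m["rest"].split(" -> ")[-1],
            })
    return {"summary": summary, "entries": entries}


def review(parsed):
    """Return (clean, problems) for a parsed log.

    Problems are counters that disagree with the itemized lines (a truncated
    or edited paste) and detections whose action does not report success.
    """
    listed = Counter(e["section"] for e in parsed["entries"])
    summary = parsed["summary"]
    problems = []
    for section in sorted(set(summary) | set(listed)):
        if summary.get(section, 0) != listed[section]:
            problems.append(f"{section}: summary says {summary.get(section, 0)}, "
                            f"log lists {listed[section]}")
    for e in parsed["entries"]:
        if not e["action"].endswith("successfully."):
            problems.append(f"not removed: {e['item']} ({e['family']}): {e['action']}")
    clean = bool(summary) and not parsed["entries"] and not any(summary.values())
    return clean, problems


def families(parsed):
    """Count detections per family name."""
    return Counter(e["family"] for e in parsed["entries"])


def autostart_entries(parsed):
    """Detections stored under a CurrentVersion Run key (started at every logon)."""
    return [e for e in parsed["entries"]
            if "\\currentversion\\run\\" in e["item"].lower()]


if __name__ == "__main__":
    for name, text in (("first scan", SAMPLE_FIRST), ("rescan", SAMPLE_RESCAN)):
        parsed = parse_mbam_log(text)
        clean, problems = review(parsed)
        print(name, "clean" if clean else "not clean", dict(families(parsed)), problems)
```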

    3621.

    Solve : Can't Open Any Anti-spyware, Bad Infection?

    Answer»

    I was downloading a plug-in for DivX and I just got the worst spyware of my life

    Some programs I never installed started popping up that I think might be fake, I cannot open HijackThis, AVG anti spyware, Spybot, or Super anti spyware, these are the only applications I can't open, I have an icon in my windows tray that is a red circle with a white X in the middle that keeps telling me my computer is infected with spyware

    Immediately after installing the plug-in I started getting spyware infection messages, then some weird security programs that I never installed started popping up, I already have windows security installed, a separate security system called XP Windows Security Center kept popping up to scan for spyware, the one I've always had is just called Windows Security Center without the XP, another program kept popping up called WinAnti spyware or something like that, both these programs started scanning for Spyware, they didn't let me remove the spyware, I had to pay for and register for the programs to remove the spyware

    I didn't trust the programs so I tried to scan my computer with AVG, nothing happened when I double clicked on it, the hourglass appears next to the arrow for a split second like opening any other application but nothing happens, I tried all of my anti-spyware programs and HijackThis and they all did the same thing, these are the only applications that do not open, I uninstalled and deleted the two new programs, but when I click on the infection icon they still pop up

    I thought the new programs might be stopping me from running any other anti-spyware programs, but I was still not able to run my anti-spyware programs after I deleted them, I tried reinstalling Spybot and it did not work

    I appreciate any help.

    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.
    When finished ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix

    ----------

    Try to run a HijackThis scan now and post that log also.

    I was not able to disable my antispyware because I was not able to open those programs, I was also unable to run ComboFix because of the same problem, I apologize for not including ComboFix in my original list of programs that won't open, it seems ComboFix is affected by the same error.

    Right click ComboFix and rename it to Combo-Fix then try to run it.

    If that doesn't work try restarting into Safe Mode and running it.

    It worked, here are the two logs;

    HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:13:19 PM, on 8/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\LogWatNT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Christopher\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
    O4 - HKLM\..\Run: [buritos] buritos.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Highlight All Hyperlinks - C:\Program Files\Game Accelerator\highlightlinks.htm
    O8 - Extra context menu item: Highlight All Images - C:\Program Files\Game Accelerator\highlightimages.htm
    O8 - Extra context menu item: Highlight All Tables and Forms - C:\Program Files\Game Accelerator\highlighttable.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www3.ca.com/securityadvisor/pest/ppctlcab.CAB
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

    ComboFix:

    ComboFix 08-08-14.05 - Christopher 2008-08-15 16:55:32.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1077 [GMT -4:00]
    Running from: C:\Documents and Settings\Christopher\Desktop\Combo-Fix.exe
    Command switches used :: C:\Documents and Settings\Christopher\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\dllcache\beep.sys
    C:\WINDOWS\system32\drivers\beep.sys
    C:\Documents and Settings\Christopher\Cookies\axoti.db
    C:\Documents and Settings\Christopher\Cookies\bapezoduw.lib
    C:\Documents and Settings\Christopher\Cookies\busex._dl
    C:\Documents and Settings\Christopher\Cookies\codafogoqe.db
    C:\Documents and Settings\Christopher\Cookies\coliqyry.exe
    C:\Documents and Settings\Christopher\Cookies\elypefane.inf
    C:\Documents and Settings\Christopher\Cookies\haqecycer._sy
    C:\Documents and Settings\Christopher\Cookies\kuqyjys.ban
    C:\Documents and Settings\Christopher\Cookies\mymemoki.inf
    C:\Documents and Settings\Christopher\Cookies\utubicifu.sys
    C:\Documents and Settings\Christopher\Cookies\xobaped.pif
    C:\WINDOWS\buritos.exe
    C:\WINDOWS\cdmxtras
    C:\WINDOWS\cdmxtras\uninst.exe
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\karina.dat
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\system32\app.exe
    C:\WINDOWS\system32\braviax.exe
    C:\WINDOWS\system32\buritos.exe
    C:\WINDOWS\system32\cache329
    C:\WINDOWS\system32\cache329\B_329_0_0_106800.htm
    C:\WINDOWS\system32\cache329\B_329_0_0_107400.htm
    C:\WINDOWS\system32\cache329\B_329_1_0_449200.gif
    C:\WINDOWS\system32\cache329\B_329_1_0_449600.gif
    C:\WINDOWS\system32\cache329\B_329_1_0_454300.gif
    C:\WINDOWS\system32\cache329\B_329_2_0_106800.htm
    C:\WINDOWS\system32\cache329\B_329_2_0_107400.htm
    C:\WINDOWS\system32\cache329\B_329_3_0_106800.htm
    C:\WINDOWS\system32\cache329\B_329_3_0_107400.htm
    C:\WINDOWS\system32\cache329\B_329_4_0_111600.htm
    C:\WINDOWS\system32\cache329\B_329_4_0_152400.htm
    C:\WINDOWS\system32\cache329\B_329_4_0_155300.htm
    C:\WINDOWS\system32\cache329\B_329_4_0_164100.htm
    C:\WINDOWS\system32\cache329\t_B_329_0_0_106800.htm
    C:\WINDOWS\system32\cache329\t_B_329_0_0_107400.htm
    C:\WINDOWS\system32\cache329\t_B_329_2_0_106800.htm
    C:\WINDOWS\system32\cache329\t_B_329_2_0_107400.htm
    C:\WINDOWS\system32\cache329\t_B_329_3_0_106800.htm
    C:\WINDOWS\system32\cache329\t_B_329_3_0_107400.htm
    C:\WINDOWS\system32\cache329\t_B_329_4_0_111600.htm
    C:\WINDOWS\system32\cache329\t_B_329_4_0_152400.htm
    C:\WINDOWS\system32\cache329\t_B_329_4_0_155300.htm
    C:\WINDOWS\system32\cache329\t_B_329_4_0_164100.htm
    C:\WINDOWS\system32\karina.dat
    C:\WINDOWS\system32\MSINET.oca

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
    .

    2008-08-15 14:50 . 2008-08-15 14:50 17,165 --a------ C:\Documents and Settings\Christopher\Application Data\camyjasy.scr
    2008-08-15 14:50 . 2008-08-15 14:50 11,113 --a------ C:\Documents and Settings\Christopher\Application Data\ehakagugik.com
    2008-08-15 14:40 . 2008-08-15 14:40 19,488 --a------ C:\WINDOWS\system32\nidoviq.sys
    2008-08-15 14:40 . 2008-08-15 14:40 18,333 --a------ C:\Documents and Settings\All Users\Application Data\acid.sys
    2008-08-15 14:40 . 2008-08-15 14:40 18,020 --a------ C:\Documents and Settings\Christopher\Application Data\johoxi.vbs
    2008-08-15 14:40 . 2008-08-15 14:40 17,192 --a------ C:\WINDOWS\system32\nysozu.bin
    2008-08-15 14:40 . 2008-08-15 14:40 16,487 --a------ C:\WINDOWS\system32\etubaboh._dl
    2008-08-15 14:40 . 2008-08-15 14:40 13,609 --a------ C:\Program Files\Common Files\jocy.bat
    2008-08-15 14:40 . 2008-08-15 14:40 13,555 --a------ C:\WINDOWS\bavaxoqe.sys
    2008-08-15 14:40 . 2008-08-15 14:40 12,707 --a------ C:\WINDOWS\system32\izudab.vbs
    2008-08-15 14:40 . 2008-08-15 14:40 12,464 --a------ C:\Documents and Settings\All Users\Application Data\ukisysy.scr
    2008-08-15 14:40 . 2008-08-15 14:40 12,414 --a------ C:\Documents and Settings\All Users\Application Data\zyqukikej.reg
    2008-08-15 14:40 . 2008-08-15 14:40 10,121 --a------ C:\WINDOWS\qycuza.exe
    2008-08-15 14:39 . 2008-08-12 01:58 195,986 --a------ C:\WINDOWS\system32\_scui.cpl
    2008-08-15 14:38 . 2008-08-15 15:27 314,724 --a------ C:\WINDOWS\system32\winstra2.exe
    2008-08-15 14:38 . 2008-08-15 15:27 71,992 --a------ C:\WINDOWS\system32\winstra1.exe
    2008-08-07 09:45 . 2008-08-07 09:45 d-------- C:\Program Files\Linkword Languages
    2008-07-21 15:25 . 2008-07-21 15:25 d----c--- C:\Python25
    2008-07-21 12:06 . 2008-07-21 12:06 d-------- C:\Program Files\Smith Micro
    2008-07-21 09:24 . 2008-07-03 14:16 9,875,456 --a------ C:\WINDOWS\system32\dzcore.dll
    2008-07-21 09:24 . 2008-07-03 14:03 6,131,712 --a------ C:\WINDOWS\system32\daz-qt-mt.dll
    2008-07-21 09:24 . 2008-07-03 13:56 2,076,672 --a------ C:\WINDOWS\system32\dz3delight.dll
    2008-07-21 09:24 . 2008-07-03 14:03 1,785,856 --a------ C:\WINDOWS\system32\daz-qsa.dll
    2008-07-21 09:24 . 2008-07-03 14:18 49,152 --a------ C:\WINDOWS\system32\dzcarrara.dll
    2008-07-21 09:24 . 2008-07-03 14:18 33,280 --a------ C:\WINDOWS\system32\dzbryce6.dll
    2008-07-21 09:24 . 2008-07-03 14:18 26,624 --a------ C:\WINDOWS\system32\dzwrapper.dll
    2008-07-21 09:23 . 2008-07-21 09:23 d-------- C:\Program Files\DAZ
    2008-07-19 13:50 . 2008-07-19 13:50 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-07-19 13:43 . 2008-07-19 13:43 d-------- C:\Program Files\Bonjour
    2008-07-19 13:29 . 2008-07-19 13:29 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-07-18 17:59 . 2008-07-19 12:09 156 --a------ C:\WINDOWS\Twunk001.MTX
    2008-07-18 17:59 . 2008-07-19 12:09 3 --a------ C:\WINDOWS\Twain001.Mtx
    2008-07-18 17:59 . 2008-07-18 17:59 0 --a------ C:\WINDOWS\Twunk002.MTX
    2008-07-17 18:50 . 2008-07-17 18:55 d-------- C:\Documents and Settings\Christopher\Application Data\Queue Manager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-15 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-15 19:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-15 18:50 16,813 ----a-w C:\WINDOWS\myhawu.scr
    2008-08-15 18:50 15,818 ----a-w C:\WINDOWS\uvave.reg
    2008-08-15 18:50 14,688 ----a-w C:\Program Files\Common Files\ocucebo.inf
    2008-08-15 18:50 13,924 ----a-w C:\WINDOWS\ekiqe.vbs
    2008-08-15 18:50 13,844 ----a-w C:\Program Files\Common Files\dacyvuc._dl
    2008-08-15 18:50 11,980 ----a-w C:\Program Files\Common Files\eqycuzu._dl
    2008-08-15 13:04 --------- d-----w C:\Documents and Settings\Christopher\Application Data\uTorrent
    2008-08-14 01:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-13 05:45 --------- d-----w C:\Program Files\uTorrent
    2008-07-21 19:22 --------- d-----w C:\Program Files\Common Files\DAZ
    2008-07-19 23:01 --------- d-----w C:\Program Files\Common Files\Real
    2008-07-19 22:55 --------- d-----w C:\Program Files\7-Zip
    2008-07-19 17:43 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-07-17 20:34 --------- d-----w C:\Program Files\Java
    2008-07-12 17:53 --------- d-----w C:\Program Files\Sims2Pack Clean Installer
    2008-07-12 17:35 --------- d-----w C:\Program Files\Game Accelerator
    2008-07-12 17:24 --------- d-----w C:\Program Files\CDisplay
    2008-07-12 16:54 --------- d-----w C:\Program Files\CCleaner
    2008-07-11 20:32 --------- d-----w C:\Program Files\GDS
    2008-07-10 03:00 --------- d-----w C:\Program Files\DivX
    2008-06-24 01:52 --------- d-----w C:\Documents and Settings\Christopher\Application Data\Apple Computer
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-16 00:32 48,448 -c--a-w C:\Documents and Settings\Christopher\Application Data\GDIPFONTCACHEV1.DAT
    2005-09-03 13:49 20 -c--a-w C:\Program Files\Sims2Pack Clean Installer.ini
    2004-06-23 18:55 20,480 -c--a-w C:\Program Files\ProcManager.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
    "PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 15:01 1037736]
    "nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoChangeAnimation"= 0 (0x0)
    "NoStrCmpLogical"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 0 (0x0)
    "NoStrCmpLogical"= 0 (0x0)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i263_32.drv
    "msacm.g723"= g723.acm
    "vidc.I263"= I263_32.drv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    backup=C:\WINDOWS\pss\desktop.iniCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    --a------ 2008-03-08 10:02 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-01-17 12:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXL]
    --a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2007-01-29 22:10 46632 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2007-01-29 22:12 30248 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    --a------ 2005-02-25 20:28 212992 C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
    --a--c--- 2001-08-08 10:27 376352 C:\Program Files\CA\eTrust\Antivirus\REALMON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a--c--- 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-12-06 11:32]
    R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 14:15]
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 03:01]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-12-12 12:28]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-09-03 10:53]
    S3 idrmkl;idrmkl;C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\idrmkl.sys []
    S3 pmxscan;USB ScanModule V5.1 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 01:58]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-15 C:\WINDOWS\Tasks\AE21463891AAF74C.job
    - c:\progra~1\jumpsi~1\Glue Team Itch.exe []

    2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

    2008-08-15 C:\WINDOWS\Tasks\E7896B29962B2C8D.job
    - c:\progra~1\jumpsi~1\Glue Team Itch.exe []

    2008-08-15 C:\WINDOWS\Tasks\xcv.job
    - C:\Documents and Settings\Christopher\My Documents\xcv.bmp []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-XP SecurityCenter - C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
    HKLM-Run-buritos - buritos.exe
    MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-Ultimate Popup Blocker - C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
    MSConfigStartUp-p2p networking - p2pnetworking.exe

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\ieqb9zx2.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-15 17:01:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust\Antivirus\INORT.EXE
    C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-15 17:10:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-15 21:09:38
    ComboFix2.txt 2007-07-31 00:54:24

    Pre-Run: 6,357,168,128 bytes free
    Post-Run: 6,409,986,048 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

    307 --- E O F --- 2008-08-15 07:07:46

    Was ComboFix run from Safe Mode or did renaming it work?

    Please delete the version of HijackThis you have and install the new version and run a new scan with it and post the log.

    Download and rename TrendMicro HijackThis.exe (HJT)

    • Double-click on HJTInstall.
    • Click on the Install button.
    • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
    • Upon install, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right click on HijackThis.exe and select Rename.
    • Type in sniper.exe and press Enter.
    • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
    • From the desktop open HijackThis.
    • Important! If using Windows Vista, Right-click and Run As Administrator
    • Click on the Do a system scan and save a log file button
    • HijackThis will scan and then a log will open in notepad.
    • Copy and then paste the entire contents of the log in your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

    It was renaming ComboFix to Combo-Fix that worked.

    New HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:37:33 PM, on 8/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\LogWatNT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
    O4 - HKLM\..\Run: [buritos] buritos.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Highlight All Hyperlinks - C:\Program Files\Game Accelerator\highlightlinks.htm
    O8 - Extra context menu item: Highlight All Images - C:\Program Files\Game Accelerator\highlightimages.htm
    O8 - Extra context menu item: Highlight All Tables and Forms - C:\Program Files\Game Accelerator\highlighttable.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www3.ca.com/securityadvisor/pest/ppctlcab.CAB
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

    --
    End of file - 6114 bytes

    Disable Spybot's TeaTimer

    While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until you are clean.

    1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
    2. Run Spybot S&D
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
    4. On the left hand side, choose Tools > Resident
    uncheck Resident TeaTimer and OK any prompt and Restart your computer.

    Note:
    If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    Extra note: If TeaTimer will not turn off then Uninstall Spybot until we are done with cleaning.

    ----------

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    - O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
    - O4 - HKLM\..\Run: [buritos] buritos.exe
    - O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)


    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    KillAll::

    Folder::
    C:\Program Files\XPSecurityCenter

    File::
    C:\Documents and Settings\Christopher\Application Data\camyjasy.scr
    C:\Documents and Settings\Christopher\Application Data\ehakagugik.com
    C:\WINDOWS\system32\nidoviq.sys
    C:\Documents and Settings\All Users\Application Data\acid.sys
    C:\Documents and Settings\Christopher\Application Data\johoxi.vbs
    C:\WINDOWS\system32\nysozu.bin
    C:\WINDOWS\system32\etubaboh._dl
    C:\Program Files\Common Files\jocy.bat
    C:\WINDOWS\bavaxoqe.sys
    C:\WINDOWS\system32\izudab.vbs
    C:\Documents and Settings\All Users\Application Data\ukisysy.scr
    C:\Documents and Settings\All Users\Application Data\zyqukikej.reg
    C:\WINDOWS\qycuza.exe
    C:\WINDOWS\system32\_scui.cpl
    C:\WINDOWS\system32\winstra2.exe
    C:\WINDOWS\system32\winstra1.exe
    c:\progra~1\jumpsi~1\Glue Team Itch.exe
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

    ----------

    Next post add:
    New ComboFix log
    Disabled TeaTimer, fixed the HijackThis entries, and here is the ComboFix log;

    ComboFix:

    ComboFix 08-08-14.05 - Christopher 2008-08-15 18:23:48.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1178 [GMT -4:00]
    Running from: C:\Documents and Settings\Christopher\Desktop\Combo-Fix.exe
    Command switches used :: C:\Documents and Settings\Christopher\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Documents and Settings\All Users\Application Data\acid.sys
    C:\Documents and Settings\All Users\Application Data\ukisysy.scr
    C:\Documents and Settings\All Users\Application Data\zyqukikej.reg
    C:\Documents and Settings\Christopher\Application Data\camyjasy.scr
    C:\Documents and Settings\Christopher\Application Data\ehakagugik.com
    C:\Documents and Settings\Christopher\Application Data\johoxi.vbs
    c:\progra~1\jumpsi~1\Glue Team Itch.exe
    C:\Program Files\Common Files\jocy.bat
    C:\WINDOWS\bavaxoqe.sys
    C:\WINDOWS\qycuza.exe
    C:\WINDOWS\system32\_scui.cpl
    C:\WINDOWS\system32\etubaboh._dl
    C:\WINDOWS\system32\izudab.vbs
    C:\WINDOWS\system32\nidoviq.sys
    C:\WINDOWS\system32\nysozu.bin
    C:\WINDOWS\system32\winstra1.exe
    C:\WINDOWS\system32\winstra2.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\acid.sys
    C:\Documents and Settings\All Users\Application Data\ukisysy.scr
    C:\Documents and Settings\All Users\Application Data\zyqukikej.reg
    C:\Documents and Settings\Christopher\Application Data\camyjasy.scr
    C:\Documents and Settings\Christopher\Application Data\ehakagugik.com
    C:\Documents and Settings\Christopher\Application Data\johoxi.vbs
    C:\Program Files\Common Files\jocy.bat
    C:\WINDOWS\bavaxoqe.sys
    C:\WINDOWS\qycuza.exe
    C:\WINDOWS\system32\_scui.cpl
    C:\WINDOWS\system32\etubaboh._dl
    C:\WINDOWS\system32\izudab.vbs
    C:\WINDOWS\system32\nidoviq.sys
    C:\WINDOWS\system32\nysozu.bin
    C:\WINDOWS\system32\winstra1.exe
    C:\WINDOWS\system32\winstra2.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
    .

    2008-08-15 17:34 . 2008-08-15 17:34  d--------  C:\Program Files\Trend Micro
    2008-08-07 09:45 . 2008-08-07 09:45  d--------  C:\Program Files\Linkword Languages
    2008-07-21 15:25 . 2008-07-21 15:25  d----c---  C:\Python25
    2008-07-21 12:06 . 2008-07-21 12:06  d--------  C:\Program Files\Smith Micro
    2008-07-21 09:24 . 2008-07-03 14:16  9,875,456  --a------  C:\WINDOWS\system32\dzcore.dll
    2008-07-21 09:24 . 2008-07-03 14:03  6,131,712  --a------  C:\WINDOWS\system32\daz-qt-mt.dll
    2008-07-21 09:24 . 2008-07-03 13:56  2,076,672  --a------  C:\WINDOWS\system32\dz3delight.dll
    2008-07-21 09:24 . 2008-07-03 14:03  1,785,856  --a------  C:\WINDOWS\system32\daz-qsa.dll
    2008-07-21 09:24 . 2008-07-03 14:18  49,152  --a------  C:\WINDOWS\system32\dzcarrara.dll
    2008-07-21 09:24 . 2008-07-03 14:18  33,280  --a------  C:\WINDOWS\system32\dzbryce6.dll
    2008-07-21 09:24 . 2008-07-03 14:18  26,624  --a------  C:\WINDOWS\system32\dzwrapper.dll
    2008-07-21 09:23 . 2008-07-21 09:23  d--------  C:\Program Files\DAZ
    2008-07-19 13:50 . 2008-07-19 13:50  d--------  C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-07-19 13:43 . 2008-07-19 13:43  d--------  C:\Program Files\Bonjour
    2008-07-19 13:29 . 2008-07-19 13:29  d--------  C:\Program Files\Common Files\Macrovision Shared
    2008-07-18 17:59 . 2008-07-19 12:09  156  --a------  C:\WINDOWS\Twunk001.MTX
    2008-07-18 17:59 . 2008-07-19 12:09  3  --a------  C:\WINDOWS\Twain001.Mtx
    2008-07-18 17:59 . 2008-07-18 17:59  0  --a------  C:\WINDOWS\Twunk002.MTX
    2008-07-17 18:50 . 2008-07-17 18:55  d--------  C:\Documents and Settings\Christopher\Application Data\Queue Manager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-15 21:59  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-15 19:23  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
    2008-08-15 18:50  16,813  ----a-w  C:\WINDOWS\myhawu.scr
    2008-08-15 18:50  15,818  ----a-w  C:\WINDOWS\uvave.reg
    2008-08-15 18:50  14,688  ----a-w  C:\Program Files\Common Files\ocucebo.inf
    2008-08-15 18:50  13,924  ----a-w  C:\WINDOWS\ekiqe.vbs
    2008-08-15 18:50  13,844  ----a-w  C:\Program Files\Common Files\dacyvuc._dl
    2008-08-15 18:50  11,980  ----a-w  C:\Program Files\Common Files\eqycuzu._dl
    2008-08-15 13:04  ---------  d-----w  C:\Documents and Settings\Christopher\Application Data\uTorrent
    2008-08-14 01:15  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
    2008-08-13 05:45  ---------  d-----w  C:\Program Files\uTorrent
    2008-07-21 19:22  ---------  d-----w  C:\Program Files\Common Files\DAZ
    2008-07-19 23:01  ---------  d-----w  C:\Program Files\Common Files\Real
    2008-07-19 22:55  ---------  d-----w  C:\Program Files\7-Zip
    2008-07-19 17:43  ---------  d-----w  C:\Program Files\Common Files\Adobe
    2008-07-17 20:34  ---------  d-----w  C:\Program Files\Java
    2008-07-12 17:53  ---------  d-----w  C:\Program Files\Sims2Pack Clean Installer
    2008-07-12 17:35  ---------  d-----w  C:\Program Files\Game Accelerator
    2008-07-12 17:24  ---------  d-----w  C:\Program Files\CDisplay
    2008-07-12 16:54  ---------  d-----w  C:\Program Files\CCleaner
    2008-07-11 20:32  ---------  d-----w  C:\Program Files\GDS
    2008-07-10 03:00  ---------  d-----w  C:\Program Files\DivX
    2008-06-24 01:52  ---------  d-----w  C:\Documents and Settings\Christopher\Application Data\Apple Computer
    2008-06-20 10:45  360,320  ----a-w  C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44  138,368  ----a-w  C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52  225,920  ----a-w  C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-16 00:32  48,448  -c--a-w  C:\Documents and Settings\Christopher\Application Data\GDIPFONTCACHEV1.DAT
    2005-09-03 13:49  20  -c--a-w  C:\Program Files\Sims2Pack Clean Installer.ini
    2004-06-23 18:55  20,480  -c--a-w  C:\Program Files\ProcManager.exe
    .

    ((((((((((((((((((((((((((((( [emailprotected]_17.09.00.95 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-15 21:01:23  1,713  --sha-w  C:\WINDOWS\system32\mmf.sys
    + 2008-08-15 22:30:02  1,713  --sha-w  C:\WINDOWS\system32\mmf.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
    "PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 15:01 1037736]
    "nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoChangeAnimation"= 0 (0x0)
    "NoStrCmpLogical"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 0 (0x0)
    "NoStrCmpLogical"= 0 (0x0)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i263_32.drv
    "msacm.g723"= g723.acm
    "vidc.I263"= I263_32.drv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    backup=C:\WINDOWS\pss\desktop.iniCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    --a------ 2008-03-08 10:02 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-01-17 12:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXL]
    --a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2007-01-29 22:10 46632 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2007-01-29 22:12 30248 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    --a------ 2005-02-25 20:28 212992 C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
    --a--c--- 2001-08-08 10:27 376352 C:\Program Files\CA\eTrust\Antivirus\REALMON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a--c--- 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-12-06 11:32]
    R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 14:15]
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 03:01]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-12-12 12:28]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-09-03 10:53]
    S3 idrmkl;idrmkl;C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\idrmkl.sys []
    S3 pmxscan;USB ScanModule V5.1 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 01:58]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-15 C:\WINDOWS\Tasks\AE21463891AAF74C.job
    - c:\progra~1\jumpsi~1\Glue Team Itch.exe []

    2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

    2008-08-15 C:\WINDOWS\Tasks\E7896B29962B2C8D.job
    - c:\progra~1\jumpsi~1\Glue Team Itch.exe []

    2008-08-15 C:\WINDOWS\Tasks\xcv.job
    - C:\Documents and Settings\Christopher\My Documents\xcv.bmp []
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-15 18:30:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust\Antivirus\INORT.EXE
    C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-15 18:40:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-15 22:39:53
    ComboFix2.txt 2008-08-15 21:10:04
    ComboFix3.txt 2007-07-31 00:54:24

    Pre-Run: 6,362,591,232 bytes free
    Post-Run: 6,364,704,768 bytes free

    219--- E O F ---2008-08-15 07:07:46

    Looks much better. Still some work to do though.

    Download NoLop to your desktop from one of the links below...
    • Close any programs you have running since a reboot is required
    • Double click NoLop.exe to run it
    • Next, click the button labeled: Search and Destroy
      • Your computer will now be scanned for infected files
    • When the scan finishes, if infected, you are prompted to reboot
    • Click OK
    • Now click: REBOOT
    • A Message should popup from NoLop. If not, double click the program again and it will finish.
    • Post the contents of C:\NoLop.log in the next reply.
    Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

    ----------

    Download Malwarebytes' Anti-Malware (MBAM)

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select Perform quick scan, then click Scan.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Be sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and Paste the entire report in your next reply.
      Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

      ----------

      Next post
      NoLop log
      MBAM log
      I ran both NoLop and Malwarebytes, here are the logs;

      NoLop:


      NoLop! Log by Skate_Punk_21

      Fix running from: C:\Documents and Settings\Christopher\Desktop
      [8/15/2008]
      [6:55:16 PM]

      ---Infection Files Found/Removed---
      C:\WINDOWS\tasks\AE21463891AAF74C.job
      C:\WINDOWS\tasks\E7896B29962B2C8D.job

      Beginning Removal...
      Rebooting...
      Removing Lop's Leftover Files/Folders...
      Editing Registry...
      **Fix Complete!**

      ---Listing AppData sub directories---

      C:\Documents and Settings\All Users\Application Data\Adobe
      C:\Documents and Settings\All Users\Application Data\Ahead
      C:\Documents and Settings\All Users\Application Data\Aol -- EMPTY Directory
      C:\Documents and Settings\All Users\Application Data\Aol Downloads
      C:\Documents and Settings\All Users\Application Data\Aol Ocp
      C:\Documents and Settings\All Users\Application Data\Apple Computer
      C:\Documents and Settings\All Users\Application Data\Autodesk
      C:\Documents and Settings\All Users\Application Data\Brother
      C:\Documents and Settings\All Users\Application Data\Comodo
      C:\Documents and Settings\All Users\Application Data\Cyberlink
      C:\Documents and Settings\All Users\Application Data\Extreme Picture Finder
      C:\Documents and Settings\All Users\Application Data\Flawmessliesfunk -- EMPTY Directory
      C:\Documents and Settings\All Users\Application Data\Flexnet
      C:\Documents and Settings\All Users\Application Data\Google
      C:\Documents and Settings\All Users\Application Data\Grisoft
      C:\Documents and Settings\All Users\Application Data\Installshield
      C:\Documents and Settings\All Users\Application Data\Kodak
      C:\Documents and Settings\All Users\Application Data\Lavasoft
      C:\Documents and Settings\All Users\Application Data\Macromedia
      C:\Documents and Settings\All Users\Application Data\Macrovision
      C:\Documents and Settings\All Users\Application Data\Microsoft
      C:\Documents and Settings\All Users\Application Data\Napster
      C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
      C:\Documents and Settings\All Users\Application Data\Quicktime
      C:\Documents and Settings\All Users\Application Data\Scansoft
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
      C:\Documents and Settings\All Users\Application Data\Viewpoint
      C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
      C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      C:\Documents and Settings\Christopher\Application Data\Adobe
      C:\Documents and Settings\Christopher\Application Data\Ahead
      C:\Documents and Settings\Christopher\Application Data\Apple Computer
      C:\Documents and Settings\Christopher\Application Data\Brother
      C:\Documents and Settings\Christopher\Application Data\Comodo
      C:\Documents and Settings\Christopher\Application Data\Cyberlink
      C:\Documents and Settings\Christopher\Application Data\Daemon Tools
      C:\Documents and Settings\Christopher\Application Data\Divx
      C:\Documents and Settings\Christopher\Application Data\Help -- EMPTY Directory
      C:\Documents and Settings\Christopher\Application Data\Identities -- EMPTY Directory
      C:\Documents and Settings\Christopher\Application Data\Installshield
      C:\Documents and Settings\Christopher\Application Data\Intertrust
      C:\Documents and Settings\Christopher\Application Data\Macromedia
      C:\Documents and Settings\Christopher\Application Data\Microsoft
      C:\Documents and Settings\Christopher\Application Data\Mozilla
      C:\Documents and Settings\Christopher\Application Data\Queue Manager
      C:\Documents and Settings\Christopher\Application Data\Reallusion
      C:\Documents and Settings\Christopher\Application Data\Scansoft
      C:\Documents and Settings\Christopher\Application Data\Simple Star
      C:\Documents and Settings\Christopher\Application Data\Stopzilla!
      C:\Documents and Settings\Christopher\Application Data\Sun
      C:\Documents and Settings\Christopher\Application Data\Talkback
      C:\Documents and Settings\Christopher\Application Data\Utorrent
      C:\Documents and Settings\Default User\Application Data\Microsoft
      C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
      C:\Documents and Settings\Localservice\Application Data\Microsoft
      C:\Documents and Settings\Networkservice\Application Data\Microsoft


      Mbamlog:

      Malwarebytes' Anti-Malware 1.24
      Database version: 1056
      Windows 5.1.2600 Service Pack 2

      7:10:59 PM 8/15/2008
      mbam-log-8-15-2008 (19-10-59).txt

      Scan type: Quick Scan
      Objects scanned: 40662
      Time elapsed: 7 minute(s), 33 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
        • Click START then RUN
        • Now type Combo-Fix /u in the runbox
        • Make sure there's a space between Combo-Fix and /u
        • Then hit Enter.
        .

        ----------

        Download OTMoveIt2 by OldTimer
      OTMoveIt2.exe and place it on your desktop.

      1. Double click OTMoveIt2.exe to launch it.
      If using Vista Right-Click OTMoveIt and choose Run As Administrator
      2. Click on the CleanUp! button.
      3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
      4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
      • When finished exit out of OTMoveIt2
      .

      ----------

      Download ATF Cleaner by Atribune to your Desktop.

      Alternate download link

      Note: Vista users must use Run As Administrator
      • Under Main: Select Files to Delete choose: Select All.
      • Click the Empty Selected button.
      • If you use Firefox browser click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
        If you would like to keep your saved passwords click No at the prompt.
      • If you use Opera browser click Opera at the top and choose: Select All
      • Click the Empty Selected button.
        If you would like to keep your saved passwords click No at the prompt.
      • Click Exit on the Main menu to close the program.
      Note that your system will run slower for a reboot or two after having used this tool so don't panic.

      Important: Restart the computer before continuing.

      ----------

      Run the Kaspersky Online Scanner

      In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.

      • Click on SCAN NOW
      • Click Accept.
      • The program will then begin downloading the latest definition files.
      • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
      • The scan will take a while, so be patient and let it finish.
      When the scan is done, in the Scan is complete window, any infection is displayed.
      There is no option to clean/disinfect, however, we need to analyze the information on the report.

      To obtain the report:
      Click on: Save Report As
      • Next, in the Save as prompt, Save in area, select: Desktop.
      • In the File name area use KScan, or something similar.
      • In Save as type: click the drop arrow and select: Text file [*.txt]
      • Then, click: Save


      Copy and paste the Kaspersky Online Scanner Report in your next reply.

      Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

      --------------

      Next post
      Kaspersky log
      Ran Kaspersky, here is the log;

      Kaspersky log:

      --------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER 7 REPORT
      Saturday, August 16, 2008
      Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
      Kaspersky Online Scanner 7 version: 7.0.25.0
      Program database last update: Saturday, August 16, 2008 01:11:28
      Records in database: 1096789
      --------------------------------------------------------------------------------

      Scan settings:
      Scan using the following database: extended
      Scan archives: yes
      Scan mail databases: yes

      Scan area - My Computer:
      A:\
      C:\
      D:\
      E:\

      Scan statistics:
      Files scanned: 126813
      Threat name: 6
      Infected objects: 7
      Suspicious objects: 0
      Duration of the scan: 03:15:36


      File name / Threat name / Threats count
      C:\Program Files\ProcManager.exe / Infected: not-a-virus:RiskTool.Win32.PsKill.a / 1
      C:\temp\pootz_58.exe / Infected: Trojan-Downloader.Win32.TSUpdate.f / 2
      C:\WINDOWS\iconz.exe / Infected: Trojan-Downloader.Win32.Lookme.k / 1
      C:\WINDOWS\system32\cacore.dll / Infected: not-a-virus:AdWare.Win32.Couponage.a / 1
      C:\WINDOWS\system32\ezPopStub.exe / Infected: not-a-virus:AdWare.Win32.EZula.bz / 1
      C:\WINDOWS\woinstall.exe / Infected: not-a-virus:AdWare.Win32.EZula.ak / 1

      The selected area was scanned.
      3622.

      Solve : D and E drives not opening...showing that "disk is not formatted"........?

      Answer»

      I have a problem with opening my D and E drive of laptop........... when I double click on any of both drives it shows disk is not formatted.....also this task of formatting is not performed..........I have a lot of data in the drives..........

      kindly help me to solve this problem........................

      Are these external hard drives or are they partitions on the main HD?

      Quote from: SuperDave on August 02, 2009, 06:24:07 PM

      Are these external hard drives or are they partitions on the main HD?

      these are partitions in main hard drive

      Can you gain access to these partitions to save your data? If you can, save your data to DVD's or to your C drive and format these partitions.
      3623.

      Solve : Computer and mouse keep freezing up when I try to use anything ani virus!?

      Answer»

      Thanks BC for the explanation......hopefully she can get it to boot.

      Hello Karnac and BC_Programmer!

      Wow! just reading your conversations I think you both could be right.

      When all this freezing started to happen it would only happen when I would try to encode a movie for burning. I thought nothing of it since it was only at that time it would happen. It was only about 3 weeks ago that it would freeze while using the normal things like firefox. I would be able to just reboot it and it was fine. But as time went on it had to be rebooted more often until now where it was to the point of not being able to use it.

      I thought maybe it was malware or spy ware or even a virus so I did the malware scan and spy-bot. The malware Ad aware found 11 things and I got rid of them. The spy bot found a few too.

      I was unable to as of yet do a full virus scan since it would freeze. I have Avira AntiVi but before that I was using AVG.

      I also did a cClean to clean up my computer.

      I kept trying to do the virus scans with no success due to the freezing. And like I said before I would know when it was going to happen because I would hear the "click" then it would be about 5 or so secs later it would freeze. On occasion when I heard the click sound if I stopped the virus scan or pause it, it would recover itself. But this was not all the time.

      I also did use the HJT tool and got rid of the entries it told me to. They were mostly the no name ones.

      The green disk light was always on, and when it clicked (it was only ever a single click) that's when the orange light would come on and stay solid. This I knew was when it was going to freeze.

      I think you're right BC_Programmer in saying that I might have made it worse. During the first chkdsk scan it did freeze because it would sit at a percentage for hours. It was probably about 4 or more hours so I turned it off and rebooted it and it managed to take me back to the chkdsk scan screen and started it again. This time it did get further and I could see all the things listed that it was going to fix, so I'm assuming there are some bad sectors. It was just after that log part that it seemed like to me that it froze while scanning the Journal. And from having it freeze previously I guess I thought it was doing it again and turned it off. (I should have left it, now in hindsight.) I thought I saw the orange light on which led me to think it was frozen but can't say for certain. So then I rebooted it again and this is when it would only take me to the black screen asking which reboot mode do I want. I can get to one other screen but I can't remember the choices I had. It was something to the effect of debugging and stuff like that and repair.

      BC_Programmer, you mentioned that if I have a windows CD, that I can run the recovery console from the disc and try the chkdsk from that; and to let it run overnight; just to be sure. Do I just insert the disk and it will prompt me? sorry I am by no means as gifted in this area as you and Karnac are lol!!

      Karnac, I will also try doing your suggestion on the rescue disk. Or should I try using my windows disk first? I don't want to wipe out anything off my computer or will that happen? sorry. You guys must have tremendous patience dealing with my computer level lol!! I'm 37 and I think my 5 year old nephew has more knowledge than me on these things! lol

      Oh one more thing to add I do have an extra hard drive that was put in when I got the computer. But sorry I can't remember how many GB it is.

      Well take care BC_Programmer and Karnac and once again I do appreciate all your help and patience!!

      Cherîe



      Cherie,

      Follow BC's directions, since the PC was shut down during the check disk scan best to make sure all is good before trying the rescue disk. The rescue disk will later enable a virus scan to be run. You will have to change the boot order regardless of what method you use, so that you boot from the disk instead of the hard drive.

      Quote

      BC_Programmer, you mentioned that if I have a Windows CD, that I can run the recovery console from the disc and try the chkdsk from that; and to let it run overnight; just to be sure. Do I just insert the disk and it will prompt me? Sorry I am by no means as gifted in this area as you and Karnac are lol!!

      After making sure that the boot order is set (you can access the "system setup" screen on most systems by pressing a key at startup, usually "del"; make sure your CD-ROM/DVD-ROM drive is first in the boot order).

      Booting into the "recovery console" isn't automatic. Silly me, I should have outlined it a little better. My apologies.


      MS does it better than I do, though

      Quote
      Starting the Windows Recovery Console from the Windows XP CD-ROM

      If you have not preinstalled the Windows Recovery Console, you can start the computer and use the Recovery Console directly from your original Windows XP installation disc. If your computer is already in Windows and you want to add the Windows Recovery Console as a startup option, go to the next section "Adding the Windows Recovery Console as a startup option."

      1. Insert the Windows XP CD into your CD drive and restart your computer. If you are prompted, select any options required to start (boot) from the CD.
      2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R.
      3. If you have a dual-boot or multiboot system, select the installation that you want to access from the Recovery Console.
      4. When you are prompted, type the Administrator password.
      5. At the command prompt, type Recovery Console commands, and then you can refer to the commands that are listed in the "Available commands within Windows Recovery Console" section.
      6. At any time, you can type Help for a list of available commands.
      7. At any time, you can type Help commandname for help on a specific command. For example, you can type help attrib to display the help on the attributes command.
      8. At any time, you can exit Windows Recovery Console by typing Exit at the command line.

      Thank you BC_Programmer and Karnac for your help once again!!

      I will do my best to start the windows in the Recovery Console and I will post back and let you know how I do. This is still not clear to me by the instructions but maybe it will make more sense once I get started.

      Thank you!! and take care!

      Cherîe

      You can watch this video first so you know what to expect.....Recovery console is at the 15:50 mark.

      http://www.professormesser.com/2009/01/11/recovering-the-operating-system/

      Thank you Karnac, I watched it.

      I did the chkdsk scan from this but it didn't run very long. After it was done I ran it again and it said the volume appears to be in good condition. Should it take as long as the original one with the blue screen? I'm not sure where I should go from here. Any ideas? Or should I now try to download the rescue disk and try that?


      Thanks!

      Cherîe

      BC_Programmer or Karnac,

      Do either of you know where I would find the administrator password? Somehow I did the chkdsk without it. I'm wondering if this is why it didn't take very long to run. It was only about a minute. So was this the full scan?


      Cherîe

      If the administrative password is blank, try just pressing Enter, that seems to be the default

      Unless BC wants to run another scan, look at burning the rescue disk and booting from it....then you can try a virus scan.

      Quote from: Karnac on July 31, 2009, 12:53:58 PM
      Unless BC wants to run another scan

      Nope, it's probably not a hard drive issue; must be something else. (At least we know the HD is in tip-top shape, even if all I basically did was waste a lot of time.)

      Well hello BC_Programmer and Karnac!!

      I have great news! My computer is working perfectly! The bad news is I'm not totally sure how LOL!

      Since I was having problems booting the normal way I used my CD to boot from, then when it asked me in what mode I tried the last good configuration and it worked. Once I was finally on I didn't stay on too long and I would shut it down the proper way since it hadn't been shut down properly since all the freezing took place. Prior to this I took the sides off and blew some dust out in case it was overheating. After going back on the next time I downloaded a program called Advanced SystemCare, not sure either of you have heard of it or not. It scans quite a few things including spyware, registry fix, privacy sweep, junk files clean, system optimization, security defense, security analyzer as well as a disk defragment.

      So so far so good and it now runs a lot faster than before. Feels like my computer just purged a bunch of crap and is now able to function properly.

      I want to thank the both of you for all your help. I really appreciate what you do for people and offering your time to those in need.

      take care and have a great weekend!!

      Cherîe

      Cherie,

      That's great to hear and you're most welcome.....I was thinking you might have taken it out back and popped a couple of slugs into it....Advanced System Care works well and does a quick job, but I would avoid the registry cleaner.....No program should be allowed to run in the registry....Consider downloading Web of Trust...This free program will keep you safe when you're browsing..... http://www.mywot.com/ ......... Thanks for getting back to us.

      Thank you Karnac!

      I had no idea I shouldn't let something run in my registry. Do you know why that is? And having already used it will I end up with any problems in the future?

      I will check that link out that you sent me. Thanks for sharing it with me.



      Cherîe

      No problem, just avoid using any cleaners or registry fixes.......Disk cleanup and defrag when needed and you'll be fine.

      Basically programs mucking about in the registry is a bad idea- they try to mechanically understand what is stored there and determine whether they should delete it. The only section in the registry where that is possible is HKEY_CLASSES_ROOT, which stores registration information about OLE and ActiveX Objects- sometimes programs can be deleted/uninstalled and leave their registration info. Basically if the file doesn't exist the key can be deleted. (CCleaner's registry cleaner portion does this)

      The other keys- the ones used by programs to store data - could be anything. A prime example is a registry value that specifies, say, a filename. Most registry cleaners simply look to see if the file exists and delete the key if it doesn't exist- but what they fail to understand is that might not be the purpose of the key- it might specify a file to create, for example.

      In either case, a registry cleaner will never result in anything but minuscule gains in performance; and oftentimes can result in missing functionality or broken programs- sometimes issues so great that only a reinstall of Windows can assure the issue is resolved.

      If you've used it you're probably safe- it's constant usage (say, once a day) of the registry cleaners that make them prone to mistakes. That's not to say you should even use them in moderation, they are notorious troublemakers.

      On top of the occasional disk cleanup and defragmenter, a chkdsk once every month or so can't hurt, either. (In fact, it's best to run a chkdsk before you defragment anyway.)
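
      The "file is missing, so delete the entry" heuristic described in the reply above, modelled as an added example that is not part of the thread or of any cleaner's real code. The key names, value names, file names and the `role` field are constructed for illustration, and the registry is an in-memory list so the script runs on any OS.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class RegValue:
    key: str    # full key path including the hive
    name: str   # value name ("" stands for the key's default value)
    path: str   # file path stored in the value
    role: str   # what the owning program does with it; a cleaner cannot see this


def sample_registry(root):
    """Constructed values. Only present.dll and settings.ini exist on disk."""
    for fname in ("present.dll", "settings.ini"):
        with open(os.path.join(root, fname), "w") as fh:
            fh.write("placeholder")

    def p(fname):
        return os.path.join(root, fname)

    clsid = r"HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000000%d}\InprocServer32"
    app = r"HKEY_CURRENT_USER\Software\ExampleApp"  # hypothetical program
    return [
        # COM registration whose DLL is still installed
        RegValue(clsid % 1, "", p("present.dll"), "registration"),
        # COM registration left behind after an uninstall (a true orphan)
        RegValue(clsid % 2, "", p("uninstalled.dll"), "registration"),
        # Program data: a file the program reads, and it exists
        RegValue(app, "SettingsFile", p("settings.ini"), "reads"),
        # Program data: files the program will create later, so they do not exist yet
        RegValue(app, "LogFile", p("first-run.log"), "creates"),
        RegValue(app, "ExportTarget", p("report.csv"), "creates"),
    ]


def naive_cleaner(values):
    """Flag every value whose file is missing, whatever hive it lives in."""
    return [v for v in values if not os.path.exists(v.path)]


def scoped_cleaner(values):
    """Flag missing files only under HKEY_CLASSES_ROOT (registration info)."""
    prefix = "HKEY_CLASSES_ROOT\\"
    return [v for v in naive_cleaner(values) if v.key.upper().startswith(prefix)]


def broken_by(flagged):
    """Flagged values that the owning program still depends on."""
    return [v for v in flagged if v.role != "registration"]


def demo():
    """Run both cleaners over the sample and report what each would delete."""
    with tempfile.TemporaryDirectory() as root:
        values = sample_registry(root)
        naive = naive_cleaner(values)
        scoped = scoped_cleaner(values)
        return {
            "naive_flagged": [os.path.basename(v.path) for v in naive],
            "naive_broken": [v.name for v in broken_by(naive)],
            "scoped_flagged": [os.path.basename(v.path) for v in scoped],
            "scoped_broken": [v.name for v in broken_by(scoped)],
        }


if __name__ == "__main__":
    for label, items in demo().items():
        print(f"{label}: {items}")
```

      Both cleaners see the same three missing files; only the purpose of the value, which neither can read, separates the orphaned registration from the two settings the program still needs.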
      3624.

      Solve : Terrible problem with TR/Crypt.XPACK.Gen - Trojan..?

      Answer»

      Hello everybody..
      I really have a serious problem with TR/Crypt.XPACK.Gen Trojan and it's making me crazy..
      It started about 3 days ago and it's really really annoying, especially with my Avira Antivirus and that terrible beep sound when it's warning me about this Trojan..
      I'm using Windows Vista Home Premium and Avira Antivirus and here are my logs..
      Please can you help me, I really really appreciate it.. Thank you..^__^

      [Saving space - attachment deleted by admin]

      up

      Please anybody? It's really serious, I mean I can't update anything. I really really need help..

      I had the same problem and mine went from 3 of them to about 7 after I did an online scan from Pareto Logic which found 12 things I didn't know I had so I bought their antivirus program and it still didn't show those trojans or get rid of them. I had the free home versions of Avast, Avira and AVG plus 3 spyware programs. Avira was the only one who found these trojans and each time I scanned, I would either delete them or put in quarantine and they would be right back again the next time I scanned. But the trojan was showing up in an Avast file all the time. I finally tonight uninstalled Avast and ran Avira again and not one trojan turned up. I think Avast sees trojans in certain downloads and Avira sees them in Avast. So if you are running both programs get rid of Avast and they will go away. Another forum said Trend Micro online scanner would find and get rid of them but last night the site would not run the scan so I went to another forum-recommended online scan which found some worms and things I didn't know I had as the 3 programs I was using didn't find any of them. Hope this helps.

      I'm responding to a 6 month old post...sheesh.

      3625.

      Solve : UACD.sys Removal?

      Answer»

      Hi all-I've finally figured out what is so terribly wrong with my computer, it's got UACD.sys

      I haven't been able to remove it because by looking at other forums and such, it seems I can't find it in my device manager...aych...This is my first time posting on here, and I'll do everything I've been told, just bear with me!

      I am unable to run SUPERAntiSpyware installer--I believe as a result of the virus. Every time I try to install it, it says "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience."

      Similar situation going on with Malwarebytes. I've downloaded the installer and when I double-click and hit Run, nothing seems to happen. I've repeated it over and over with no luck.


      I have attached my HJT log. Thanks sooo much for your help!



      [attachment deleted by admin]

      Quote from: lisaread on June 05, 2009, 12:58:10 AM

      Hi all-I've finally figured out what is so terribly wrong with my computer, it's got UACD.sys

      I haven't been able to remove it because by looking at other forums and such, it seems I can't find it in my device manager...aych...This is my first time posting on here, and I'll do everything I've been told, just bear with me!

      I am unable to run SUPERAntiSpyware installer--I believe as a result of the virus. Every time I try to install it, it says "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience."

      Similar situation going on with Malwarebytes. I've downloaded the installer and when I double-click and hit Run, nothing seems to happen. I've repeated it over and over with no luck.


      I have attached my HJT log. Thanks sooo much for your help!


      Your HijackThis log is not attached, please attach it so an expert can help you.

      Thank you--I've updated my post to include it, don't know how that happened!

      Download ComboFix from one of the below links. You must rename it before saving it!

      Important! You MUST save ComboFix to your desktop.

      Link 1
      Link 2
      Link 3

      Rename ComboFix to Combo-Fix before saving it to the desktop.





      Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Double click on Combo-Fix.exe & follow the prompts.

      Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

      Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

      When the scan completes it will open a text window.

      Post the contents of that log in your next reply.

      Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

      Here is my Combo Fix report:

      ComboFix 09-06-06.01 - Lisa Read 06/06/2009 17:15.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494.154 [GMT -7:00]
      Running from: c:\documents and settings\Lisa Read\Desktop\Combo-Fix.exe
      AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\cleanup.exe
      c:\docume~1\LISARE~1\LOCALS~1\Temp\IadHide5.dll
      c:\documents and settings\Lisa Read\Local Settings\Temp\IadHide5.dll
      c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
      c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
      c:\windows\system32\rpcnet.dll
      c:\windows\system32\UACatargrve.dll
      c:\windows\system32\UACcsxooyan.dll
      c:\windows\system32\UACdldstpvg.dll
      c:\windows\system32\UACdvjaqjik.dat
      c:\windows\system32\uacinit.dll
      c:\windows\system32\UACjycdakxl.dll
      c:\windows\system32\UACleamfjer.log
      c:\windows\system32\UAClymdnowq.dll
      c:\windows\system32\UACnmaumxme.db
      c:\windows\system32\UACwwjrxydj.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_UACd.sys


      ((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
      .

      2009-06-05 16:34 . 2009-06-05 16:34--------d-sh--w-c:\windows\system32\config\systemprofile\IETldCache
      2009-06-05 16:29 . 2009-06-05 16:29--------d-sh--w-c:\documents and settings\Lisa Read\IETldCache
      2009-06-05 06:48 . 2009-06-05 06:48--------d-----w-c:\program files\Trend Micro
      2009-06-05 06:22 . 2009-06-05 06:22--------d-----w-c:\program files\CCleaner
      2009-06-05 06:02 . 2009-06-05 06:02574----a-w-C:\cleanup.bat
      2009-06-05 06:02 . 2009-06-05 06:02135168----a-w-C:\zip.exe
      2009-06-05 05:42 . 2009-06-05 05:42--------d-----w-c:\documents and settings\All Users\Application Data\Prevx
      2009-06-05 05:39 . 2009-06-05 05:39--------d-----w-c:\documents and settings\Lisa Read\Application Data\PrevxCSI
      2009-06-05 05:22 . 2009-06-05 06:07--------d-----w-c:\program files\Prevx
      2009-06-05 05:22 . 2009-06-05 06:07--------d-----w-c:\documents and settings\All Users\Application Data\PrevxCSI
      2009-06-04 06:34 . 2009-06-04 06:34--------d-----w-c:\windows\ie8updates
      2009-06-04 06:33 . 2009-05-12 05:11102912-c----w-c:\windows\system32\dllcache\iecompat.dll
      2009-06-04 06:29 . 2009-06-04 06:33--------dc-H--w-c:\windows\ie8
      2009-06-04 06:15 . 2009-06-04 06:15152576----a-w-c:\documents and settings\Lisa Read\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
      2009-06-03 21:20 . 2006-02-07 15:35135168----a-w-c:\windows\system32\igfxres.dll
      2009-06-03 19:36 . 2006-02-07 15:5661440----a-w-c:\windows\system32\iAlmCoIn_v4497.dll
      2009-06-03 19:31 . 2009-06-03 19:31--------d-----w-c:\program files\SystemRequirementsLab
      2009-05-22 01:31 . 2009-05-22 01:3113160----a-w-c:\windows\system32\Upgrd.exe
      2009-05-20 23:09 . 2008-03-21 20:5714640------w-c:\windows\system32\spmsgXP_2k3.dll
      2009-05-20 23:08 . 2008-12-16 20:441112288----a-w-c:\windows\system32\WdfCoInstaller01007.dll

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-06-07 00:23 . 2006-07-19 16:2217408----a-w-c:\windows\system32\rpcnetp.exe
      2009-06-05 08:27 . 2009-01-14 22:29296608----a-w-c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
      2009-06-05 06:17 . 2006-07-20 01:33--------d--h--w-c:\program files\InstallShield Installation Information
      2009-06-05 06:06 . 2009-04-28 18:41--------d-----w-c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-06-05 06:00 . 2006-09-05 17:41--------d-----w-c:\documents and settings\All Users\Application Data\Viewpoint
      2009-06-04 06:26 . 2009-04-03 23:0550688------w-c:\windows\system32\drivers\UACqmtorsbk.sys
      2009-05-22 01:31 . 2008-07-10 02:0856680----a-w-c:\windows\system32\rpcnet.exe
      2009-05-12 06:29 . 2006-09-06 18:34--------d-----w-c:\program files\Dl_cats
      2009-05-11 04:45 . 2009-04-10 20:46--------d-----w-c:\documents and settings\Lisa Read\Application Data\TeraCopy
      2009-05-07 08:03 . 2009-05-07 03:32--------d-----w-c:\documents and settings\Lisa Read\Application Data\TeamViewer
      2009-05-07 03:32 . 2009-05-07 03:32--------d-----w-c:\program files\TeamViewer
      2009-05-07 03:25 . 2009-05-07 03:23--------d-----w-c:\program files\CrossLoop
      2009-05-01 18:30 . 2009-05-01 18:303366912----a-w-c:\windows\system32\GPhotos.scr
      2009-05-01 00:13 . 2008-01-06 20:5253120-c-ha-w-c:\windows\system32\mlfcache.dat
      2009-04-10 21:59 . 2009-04-10 21:59--------d-----w-c:\program files\Seagate
      2009-04-10 21:38 . 2009-04-10 21:38--------d-----w-c:\documents and settings\All Users\Application Data\Seagate
      2009-04-03 00:23 . 2006-08-08 05:348854----a-r-c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
      2009-04-03 00:23 . 2006-08-08 05:3440960----a-r-c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
      2009-04-03 00:23 . 2006-08-08 05:3410134----a-r-c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
      2009-03-25 22:55 . 2008-01-22 01:4333280----a-w-c:\windows\system32\identprv.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "Google Update"="c:\documents and settings\Lisa Read\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-04 133104]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
      "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
      "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-09-30 104128]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-02 185632]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-12 144792]
      "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800]
      "VX6000"="c:\windows\vVX6000.exe" [2008-08-05 713744]
      "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
      Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-14 180224]
      KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\DNA\\btdna.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
      "c:\\Documents and Settings\\Lisa Read\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
      "c:\\Documents and Settings\\Lisa Read\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
      "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
      "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
      "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
      "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

      R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
      R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 4:29 PM 101936]
      S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
      S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
      S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
      S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
      S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [1/11/2009 5:32 PM 2077840]

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      .
      Contents of the 'Scheduled Tasks' folder

      2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

      2009-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1580818891-1343024091-1004.job
      - c:\documents and settings\Lisa Read\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-04 20:29]

      2009-06-07 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
      .
      - - - - ORPHANS REMOVED - - - -

      SafeBoot-procexp90.Sys


      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.netflix.com/MemberHome
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      Trusted Zone: arubanetworks.com\securelogin
      Trusted Zone: stumbleupon.com
      FF - ProfilePath - c:\documents and settings\Lisa Read\Application Data\Mozilla\Firefox\Profiles\fliel1x8.default\
      FF - plugin: c:\documents and settings\Lisa Read\Application Data\Mozilla\Firefox\Profiles\fliel1x8.default\extensions\[emailprotected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
      FF - plugin: c:\documents and settings\Lisa Read\Application Data\Mozilla\plugins\npgoogletalk.dll
      FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
      FF - plugin: c:\program files\Millisecond Software\Inquisit 2.0 Mozilla Plugin\npInquisit_20610047.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-06-06 17:24
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[emailprotected]??

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(1284)
      c:\docume~1\LISARE~1\LOCALS~1\Temp\IadHide5.dll
      c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
      c:\windows\system32\wmvcore.dll
      c:\windows\system32\WMASF.DLL
      c:\windows\system32\ieframe.dll
      c:\windows\system32\OneX.DLL
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Intel\Wireless\Bin\EvtEng.exe
      c:\program files\Intel\Wireless\Bin\S24EvMon.exe
      c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
      c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
      c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
      c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      c:\program files\Symantec AntiVirus\DefWatch.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Microsoft LifeCam\MSCamS32.exe
      c:\program files\Intel\Wireless\Bin\RegSrvc.exe
      c:\windows\system32\rpcnet.exe
      c:\program files\Symantec AntiVirus\Rtvscan.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\Symantec AntiVirus\DoScan.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Completion time: 2009-06-07 17:37 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-06-07 00:37

      Pre-Run: 16,691,523,584 bytes free
      Post-Run: 16,614,338,560 bytes free

      220--- E O F ---2009-06-05 02:38

      Suspicious files to scan

      Please go to VirSCAN.org FREE on-line scan service
      (If more than one file needs scanned they must be done separately and logs posted for each one)

      1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
      c:\windows\system32\Upgrd.exe
      2. At the upload site, click once inside the window next to Browse.
      3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      4. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      5. Once the scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      6. Paste the contents of the Clipboard in your next reply.

      Note: If using Firefox you will need to copy the link in the address bar and post it back here instead. The Copy to Clipboard feature will not work.

      http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html

      Are you sure you scanned the right file? c:\windows\system32\Upgrd.exe

      It says File Name : 1.html

      Sorry, here it is:

      VirSCAN.org Scanned Report :
      Scanned time : 2009/06/06 23:41:38 (PDT)
      Scanner results: All Scanners reported not find malware!
      File Name : Upgrd.exe
      File Size : 13160 byte
      File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
      MD5 : da67fca724b077642b4a05ae5c954cc3
      SHA1 : 25dd176cc9676d133d26fa3ac975ea722c121424
      Online report : http://virscan.org/report/66c9bd36bb6457c6e41b74697466118f.html

      Scanner Engine Ver Sig Ver Sig Date Time Scan result
      a-squared 4.5.0.1 20090606013111 2009-06-06 2.10 -
      AhnLab V3 2009.06.05.01 2009.06.05 2009-06-05 0.72 -
      AntiVir 8.2.0.180 7.1.4.65 2009-06-06 0.47 -
      Antiy 2.0.18 2.0.18. 0002-18-00 0.12 -
      Arcavir 2009 200906061305 2009-06-06 0.04 -
      Authentium 5.1.1 200906061841 2009-06-06 1.13 -
      AVAST! 4.7.4 090606-0 2009-06-06 0.00 -
      AVG 8.5.286 270.12.54/2159 2009-06-07 3.50 -
      BitDefender 7.81008.3346768 7.25847 2009-06-07 3.14 -
      CA (VET) 9.0.0.143 31.6.6541 2009-06-06 5.66 -
      ClamAV 0.95.1 9434 2009-06-06 0.01 -
      Comodo 3.9 1274 2009-06-06 0.71 -
      CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
      Dr.Web 4.44.0.9170 2009.06.07 2009-06-07 4.73 -
      F-Prot 4.4.4.56 20090606 2009-06-06 1.14 -
      F-Secure 5.51.6100 2009.06.05.11 2009-06-05 0.07 -
      Fortinet 2.81-3.117 10.474 2009-06-06 0.21 -
      GData 19.5671/19.355 20090607 2009-06-07 4.18 -
      ViRobot 20090605 2009.06.05 2009-06-05 0.41 -
      Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.90 -
      JiangMin 11.0.706 2009.06.07 2009-06-07 2.03 -
      Kaspersky 5.5.10 2009.06.07 2009-06-07 0.05 -
      KingSoft 2009.2.5.15 2009.6.6.21 2009-06-06 0.64 -
      McAfee 5.3.00 5638 2009-06-06 3.05 -
      Microsoft 1.4701 2009.06.06 2009-06-06 4.59 -
      mks_vir 2.01 2009.06.05 2009-06-05 3.19 -
      Norman 6.01.05 6.01.00 2009-06-02 4.01 -
      Panda 9.05.01 2009.06.06 2009-06-06 1.78 -
      Trend Micro 8.700-1004 6.176.10 2009-06-06 0.03 -
      Quick Heal 10.00 2009.06.06 2009-06-06 1.21 -
      Rising 20.0 21.32.60.00 2009-06-07 0.85 -
      Sophos 2.87.1 4.42 2009-06-07 2.38 -
      Sunbelt 5173 5173 2009-06-06 0.82 -
      Symantec 1.3.0.24 20090606.003 2009-06-06 0.05 -
      nProtect 20090607.01 4203005 2009-06-07 5.39 -
      The Hacker 6.3.4.3 v00340 2009-06-04 0.57 -
      VBA32 3.12.10.6 20090606.1348 2009-06-06 1.96 -
      VirusBuster 4.5.11.10 10.107.4/1587341 2009-06-06 1.94 -




      http://virscan.org/report/66c9bd36bb6457c6e41b74697466118f.html
      Thank you.
      You have Viewpoint installed.

      Viewpoint Media Player/Manager/Toolbar is considered Foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

      More information: .
      It is suggested to remove the program now.
      Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
      • Viewpoint
      • Viewpoint Manager
      • Viewpoint Media Player
      • Viewpoint Toolbar
      • Viewpoint Experience Technology
      ----------

      • Click START then RUN
      • Now type Combofix /u in the runbox
      • Make sure there's a space between Combofix and /u
      • Then hit Enter.
      The above procedure will:
      • Delete the following:
        • ComboFix and its associated files and folders.
      • Reset the clock settings.
      • Hide file extensions, if required.
      • Hide System/Hidden files, if required.
      • Set a new, clean Restore Point.
      ----------

      Download ATF Cleaner by Atribune to your Desktop.

      Alternate download link

      Note: Vista users must use Run As Administrator
      • Under Main: Select Files to Delete choose: Select All.
      • Click the Empty Selected button.
      • If you use Firefox browser click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
        If you would like to keep your saved passwords click No at the prompt.
      • If you use Opera browser click Opera at the top and choose: Select All
      • Click the Empty Selected button.
        If you would like to keep your saved passwords click No at the prompt.
      • Click Exit on the Main menu to close the program.
      Note that your system will run slower for a reboot or two after having used this tool so don't panic.

      ----------

      Use the Kaspersky Lab Online Scanner

      In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

      • Click on SCAN NOW
      • Click Accept.
      • The program will then begin downloading the latest definition files.
      • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
      • The scan will take a while, so be patient and let it finish.
      When the scan is done, in the Scan is complete window, any infection is displayed.
      There is no option to clean/disinfect, however, we need to analyze the information on the report.

      To obtain the report:
      Click on: Save Report As
      • Next, in the Save as prompt, Save in area, select: Desktop.
      • In the File name area use KScan, or something similar.
      • In Save as type: click the drop arrow and select: Text file [*.txt]
      • Then, click: Save


      Copy and paste the Kaspersky Online Scanner Report in your next reply.

      Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

      If needed, this animation will guide you through the process.

      I wasn't able to find any of the Viewpoint programs in my Add/Remove programs...is there any other way to get rid of them? Also, I have been getting this new message that pops up every few minutes: Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry of the inconvenience.

      Here's the requested report:

      --------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER 7.0 REPORT
      Tuesday, June 9, 2009
      Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
      Kaspersky Online Scanner version: 7.0.26.13
      Program database last update: Wednesday, June 10, 2009 01:00:12
      Records in database: 2332781
      --------------------------------------------------------------------------------

      Scan settings:
      Scan using the following database: extended
      Scan archives: yes
      Scan mail databases: yes

      Scan area - My Computer:
      C:\
      D:\

      Scan statistics:
      Files scanned: 53332
      Threat name: 0
      Infected objects: 0
      Suspicious objects: 0
      Duration of the scan: 02:42:51

      No malware has been detected. The scan area is clean.

      The selected area was scanned.

      Download ViewpointKiller.zip
      • Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
      • Double click the ViewpointKiller icon to run ViewpointKiller.exe.
      • Select the File menu, and select Check to see if you have Viewpoint installed.
      • If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper Kill option in the File menu.
      • Follow the prompts and instructions very carefully, answering Yes or No depending on which option you are most comfortable with.
      • The MsConfig instructions are very important, so be sure to read them carefully.
      • Note: When done with ViewpointKiller right click and delete all files that were unzipped.
      ----------

      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

      Link #1
      Link #2

      **Note: It is important that it is saved directly to your Desktop

      Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Double click combofix.exe & follow the prompts.
      Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
      When finished ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

      Viewpoint Killer didn't find anything... Here is the Combofix report:

      ComboFix 09-06-11.04 - Lisa Read 06/11/2009 11:46.2 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494.219 [GMT -7:00]
      Running from: c:\documents and settings\Lisa Read\Desktop\ComboFix.exe
      AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
      * Created a new restore point

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\docume~1\LISARE~1\LOCALS~1\Temp\IadHide5.dll
      c:\documents and settings\Lisa Read\Local Settings\temp\IadHide5.dll
      c:\windows\system32\rpcnet.dll . . . . failed to delete

      .
      ((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
      .

      2009-06-11 18:54 . 2009-06-11 18:54  56680  ----a-w-  c:\windows\system32\rpcnet.dll
      2009-06-09 22:07 . 2009-06-09 22:08  --------  d-s---w-  C:\Combo-Fix
      2009-06-07 06:42 . 2009-06-07 06:42  --------  d-sh--w-  c:\documents and settings\Lisa Read\PrivacIE
      2009-06-05 16:34 . 2009-06-05 16:34  --------  d-sh--w-  c:\windows\system32\config\systemprofile\IETldCache
      2009-06-05 16:29 . 2009-06-05 16:29  --------  d-sh--w-  c:\documents and settings\Lisa Read\IETldCache
      2009-06-05 06:48 . 2009-06-05 06:48  --------  d-----w-  c:\program files\Trend Micro
      2009-06-05 06:22 . 2009-06-05 06:22  --------  d-----w-  c:\program files\CCleaner
      2009-06-05 06:02 . 2009-06-05 06:02  574  ----a-w-  C:\cleanup.bat
      2009-06-05 06:02 . 2009-06-05 06:02  135168  ----a-w-  C:\zip.exe
      2009-06-05 05:42 . 2009-06-05 05:42  --------  d-----w-  c:\documents and settings\All Users\Application Data\Prevx
      2009-06-05 05:39 . 2009-06-05 05:47  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\PrevxCSI
      2009-06-05 05:22 . 2009-06-05 06:07  --------  d-----w-  c:\program files\Prevx
      2009-06-05 05:22 . 2009-06-05 06:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\PrevxCSI
      2009-06-04 06:34 . 2009-06-04 06:34  --------  d-----w-  c:\windows\ie8updates
      2009-06-04 06:33 . 2009-05-12 05:11  102912  -c----w-  c:\windows\system32\dllcache\iecompat.dll
      2009-06-04 06:29 . 2009-06-04 06:33  --------  dc-h--w-  c:\windows\ie8
      2009-06-04 06:15 . 2009-06-04 06:15  152576  ----a-w-  c:\documents and settings\Lisa Read\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
      2009-06-03 21:20 . 2006-02-07 15:35  135168  ----a-w-  c:\windows\system32\igfxres.dll
      2009-06-03 19:36 . 2006-02-07 15:56  61440  ----a-w-  c:\windows\system32\iAlmCoIn_v4497.dll
      2009-06-03 19:31 . 2009-06-03 19:31  --------  d-----w-  c:\program files\SystemRequirementsLab
      2009-05-22 01:31 . 2009-05-22 01:31  13160  ----a-w-  c:\windows\system32\Upgrd.exe
      2009-05-20 23:09 . 2008-03-21 20:57  14640  ------w-  c:\windows\system32\spmsgXP_2k3.dll
      2009-05-20 23:08 . 2008-12-16 20:44  1112288  ----a-w-  c:\windows\system32\WdfCoInstaller01007.dll

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-06-11 18:54 . 2006-07-19 16:22  17408  ----a-w-  c:\windows\system32\rpcnetp.exe
      2009-06-05 08:27 . 2009-01-14 22:29  296608  ----a-w-  c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
      2009-06-05 06:17 . 2006-07-20 01:33  --------  d--h--w-  c:\program files\InstallShield Installation Information
      2009-06-05 06:06 . 2009-04-28 18:41  --------  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-06-04 06:26 . 2009-04-03 23:05  50688  ------w-  c:\windows\system32\drivers\UACqmtorsbk.sys
      2009-05-22 01:31 . 2008-07-10 02:08  56680  ----a-w-  c:\windows\system32\rpcnet.exe
      2009-05-12 06:29 . 2006-09-06 18:34  --------  d-----w-  c:\program files\Dl_cats
      2009-05-11 04:45 . 2009-04-10 20:46  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\TeraCopy
      2009-05-07 08:03 . 2009-05-07 03:32  --------  d-----w-  c:\documents and settings\Lisa Read\Application Data\TeamViewer
      2009-05-07 03:32 . 2009-05-07 03:32  --------  d-----w-  c:\program files\TeamViewer
      2009-05-07 03:25 . 2009-05-07 03:23  --------  d-----w-  c:\program files\CrossLoop
      2009-05-01 18:30 . 2009-05-01 18:30  3366912  ----a-w-  c:\windows\system32\GPhotos.scr
      2009-05-01 00:13 . 2008-01-06 20:52  53120  -c-ha-w-  c:\windows\system32\mlfcache.dat
      2009-04-03 00:23 . 2006-08-08 05:34  8854  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
      2009-04-03 00:23 . 2006-08-08 05:34  40960  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
      2009-04-03 00:23 . 2006-08-08 05:34  10134  ----a-r-  c:\documents and settings\Lisa Read\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
      2009-03-25 22:55 . 2008-01-22 01:43  33280  ----a-w-  c:\windows\system32\identprv.dll
      2009-03-25 01:33 . 2009-03-25 01:33  237264  ----a-w-  c:\documents and settings\Lisa Read\Application Data\Mozilla\plugins\npgoogletalk.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "Google Update"="c:\documents and settings\Lisa Read\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-04 133104]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
      "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
      "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-09-30 104128]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-02 185632]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-12 144792]
      "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800]
      "VX6000"="c:\windows\vVX6000.exe" [2008-08-05 713744]
      "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
      Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-14 180224]
      KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\DNA\\btdna.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
      "c:\\Documents and Settings\\Lisa Read\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
      "c:\\Documents and Settings\\Lisa Read\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
      "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
      "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
      "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
      "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
      "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

      R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
      R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 4:29 PM 101936]
      S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
      S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
      S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
      S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [1/11/2009 5:32 PM 2077840]

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      .
      Contents of the 'Scheduled Tasks' folder

      2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

      2009-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1580818891-1343024091-1004.job
      - c:\documents and settings\Lisa Read\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-04 20:29]

      2009-06-11 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.netflix.com/MemberHome
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      Trusted Zone: arubanetworks.com\securelogin
      Trusted Zone: stumbleupon.com
      FF - ProfilePath -
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-06-11 11:55
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(3656)
      c:\docume~1\LISARE~1\LOCALS~1\Temp\IadHide5.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\OneX.DLL
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Intel\Wireless\Bin\EvtEng.exe
      c:\program files\Intel\Wireless\Bin\S24EvMon.exe
      c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
      c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
      c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
      c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      c:\program files\Symantec AntiVirus\DefWatch.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Microsoft LifeCam\MSCamS32.exe
      c:\program files\Intel\Wireless\Bin\RegSrvc.exe
      c:\windows\system32\rpcnet.exe
      c:\program files\Symantec AntiVirus\Rtvscan.exe
      c:\windows\system32\CF11289.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Completion time: 2009-06-11 12:10 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-06-11 19:09
      ComboFix2.txt 2009-06-07 00:37

      Pre-Run: 18,495,057,920 bytes free
      Post-Run: 18,611,720,192 bytes free

      192  --- E O F ---  2009-06-11 18:18

      If you already have Malwarebytes be sure to update it before running the scan!

      Download Malwarebytes' Anti-Malware (MBAM)

      Alternate MBAM download link

      • Double-click mbam-setup.exe and follow the prompts to install the program.
      • At the end, be sure a checkmark is placed next to the following:
        • Update Malwarebytes' Anti-Malware
        • Launch Malwarebytes' Anti-Malware
        • Then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select Perform quick scan, then click Scan.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Be sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy and Paste the entire report in your next reply.
        Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

        Malwarebytes' Anti-Malware 1.37
        Database version: 2263
        Windows 5.1.2600 Service Pack 3

        6/11/2009 12:33:17 PM
        mbam-log-2009-06-11 (12-33-17).txt

        Scan type: Quick Scan
        Objects scanned: 82363
        Time elapsed: 4 minute(s), 22 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 1
        Folders Infected: 0
        Files Infected: 1

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        c:\WINDOWS\system32\drivers\UACqmtorsbk.sys (Trojan.Agent) -> Quarantined and deleted successfully.

        3626.

        Solve : Spyware/Virus Problems?

        Answer»

        Today I opened up my laptop to see an error message. There is a box in the corner that shows up and goes away that says "windows security alert - application cannot be executed. The file ( wuauclt.exe, or logonui.exe ) is infected. Do you want to activate your antivirus software now?" Then in the middle of the screen a box saying the same thing shows up with only a yes or no choice. I can't open up my task manager to close the process. I booted up in safe mode and ran my spy sweeper but it didn't find anything. I am running my windows defender right now hoping something comes up. Any help would be great!

        Please visit this webpage for instructions for downloading and running ComboFix:

        http://www.bleepingcomputer.com/combofix/how-to-use-combofix

        Post the log from ComboFix when you've accomplished that.

        I ran windows defender before I got your post and it had me delete some kind of trojan, just to let you know!


        ComboFix 10-01-29.05 - Owner 01/29/2010 20:33:03.1.2 - x86
        Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.1218 [GMT -7:00]
        Running from: c:\users\Owner\Desktop\ComboFix.exe
        AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
        FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
        SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
        SP: Spy Sweeper *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\$recycle.bin\S-1-5-21-1893239248-1700074592-3436296051-500
        c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
        c:\$recycle.bin\S-1-5-21-3025726274-3580096784-3175576736-500
        c:\$recycle.bin\S-1-5-21-526720123-3731369257-2385391353-500
        c:\programdata\ntuser.dat{0a1e0be4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000001.regtrans-ms
        c:\programdata\ntuser.dat{0a1e0bf4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000001.regtrans-ms
        c:\users\Owner\AppData\Local\jkodfg
        c:\users\Owner\AppData\Local\jkodfg\jkmgsysguard.exe
        c:\windows\system32\Thumbs.db

        .
        ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
        .

        2010-01-30 03:54 . 2010-01-30 03:55  --------  d-----w-  c:\users\Owner\AppData\Local\temp
        2010-01-30 03:54 . 2010-01-30 03:54  --------  d-----w-  c:\users\Default\AppData\Local\temp
        2010-01-30 00:21 . 2010-01-30 03:27  1356  ----a-w-  c:\users\Owner\AppData\Local\d3d9caps.dat
        2010-01-22 15:53 . 2009-12-18 13:05  833024  ----a-w-  c:\windows\system32\wininet.dll
        2010-01-22 15:52 . 2009-12-18 10:14  26624  ----a-w-  c:\windows\system32\ieUnatt.exe
        2010-01-22 15:52 . 2009-12-18 13:01  78336  ----a-w-  c:\windows\system32\ieencode.dll
        2010-01-13 00:53 . 2009-10-19 14:27  156672  ----a-w-  c:\windows\system32\t2embed.dll
        2010-01-13 00:53 . 2009-10-19 14:24  72704  ----a-w-  c:\windows\system32\fontsub.dll
        2010-01-04 22:50 . 2010-01-04 22:50  484976  ----a-w-  c:\programdata\Google\Google Toolbar\Update\gtb7DAF.tmp.exe

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-01-16 10:05 . 2006-11-02 11:18  --------  d-----w-  c:\program files\Windows Mail
        2010-01-14 18:12 . 2009-10-03 15:18  181120  ------w-  c:\windows\system32\MpSigStub.exe
        2010-01-08 01:16 . 2009-11-28 05:47  439816  ----a-w-  c:\users\Owner\AppData\Roaming\Real\Update\setup3.09\setup.exe
        2009-12-26 17:00 . 2009-12-26 17:00  690952  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
        2009-11-05 10:26 . 2007-09-17 23:08  99248  ----a-w-  c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
        .

        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-19 1233920]
        "RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-19 12800]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
        "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
        "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "HWSetup"="\HWSetup.exe hwSetUP" [X]
        "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
        "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
        "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
        "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
        "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
        "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
        "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
        "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
        "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
        "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-20 5361464]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
        "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
        "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
        "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "aux"=wdmaud.drv

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;c:\windows\System32\drivers\SSFS0BB8.sys [9/17/2007 4:47 PM 20280]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        WindowsMobileREG_MULTI_SZ wcescomm rapimgr
        LocalServiceRestrictedREG_MULTI_SZ WcesComm RapiMgr
        .
        Contents of the 'Scheduled Tasks' folder

        2010-01-29 c:\windows\Tasks\User_Feed_Synchronization-{FBE6505F-01AD-400C-AF18-2E2CDE0C0481}.job
        - c:\windows\system32\msfeedssync.exe [2008-06-08 07:33]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com/
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
        Trusted Zone: real.com\rhap-app-4-0
        Trusted Zone: real.com\rhapreg
        FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c56rv4xy.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
        FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
        FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
        FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
        FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
        FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
        FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
        FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
        FF - plugin: c:\users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
        FF - plugin: c:\users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
        .
        - - - - ORPHANS REMOVED - - - -

        HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
        HKCU-Run-wmxloyby - c:\users\Owner\AppData\Local\jkodfg\jkmgsysguard.exe
        HKLM-Run-Lexmark 2200 Series - c:\program files\Lexmark 2200 Series\lxbvbmgr.exe
        AddRemove-unInsttygtr - c:\program files\Alfred Interactive\DeIsL1.isu



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-01-29 21:03
        Windows 6.0.6001 Service Pack 1 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
        @Denied: (2) (LocalSystem)
        "Progid"="YMP.Media"

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        "MSCurrentCountry"=dword:000000b5

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        .
        Completion time: 2010-01-29 21:05:12
        ComboFix-quarantined-files.txt 2010-01-30 04:04

        Pre-Run: 133,474,402,304 bytes free
        Post-Run: 134,151,962,624 bytes free

        - - End Of File - - CC3481096D01349B349B724CA40B2A08
        Hi again. Please do these steps in order.

        1. Please download TFC by OldTimer to your desktop

        • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
        • It will close all programs when run, so make sure you have saved all your work before you begin.
        • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
        • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
        2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
        Alternate link: BleepingComputer.com.
        (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

        Double Click mbam-setup.exe to install the application.

        (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
        • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select "Perform Full Scan", then click Scan.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Make sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • Please save the log to a location you will remember.
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy and paste the entire report in your next reply.
        Extra Note:

        If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

        3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

        http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

        Post the log from SUPERAntiSpyware when you've accomplished that.

        4. Please run a free online scan with the ESET Online Scanner
        • Tick the box next to YES, I accept the Terms of Use
        • Click Start
        • When asked, allow the ActiveX control to install
        • Click Start
        • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
        • Click Scan (This scan can take several hours, so please be patient)
        • Once the scan is completed, you may close the window
        • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
        • Copy and paste that log as a reply to this topic

        5. Post the following in your next reply:
        • MBAM log
        • SAS log
        • ESET log
        And, please tell me how your computer is doing.

        My computer seems to be doing great. The only log I am not including is the ESET b/c it never showed me one and said it found no threats. I guess one of the programs worked. For the future, which one of these programs should I keep? Which ones should I delete now that the virus is gone?

        Malwarebytes' Anti-Malware 1.44
        Database version: 3662
        Windows 6.0.6001 Service Pack 1
        Internet Explorer 7.0.6001.18000

        1/30/2010 2:20:12 PM
        mbam-log-2010-01-30 (14-20-12).txt

        Scan type: Full Scan (C:\|)
        Objects scanned: 238944
        Time elapsed: 1 hour(s), 46 minute(s), 30 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


        and....

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 01/30/2010 at 03:24 PM

        Application Version : 4.33.1000

        Core Rules Database Version : 4541
        Trace Rules Database Version: 2353

        Scan type : Complete Scan
        Total Scan Time : 00:57:57

        Memory items scanned : 659
        Memory threats detected : 0
        Registry items scanned : 6732
        Registry threats detected : 0
        File items scanned : 32399
        File threats detected : 1

        Adware.Tracking Cookie
        C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
        To manually create a new Restore Point
        • Go to Control Panel and select System and Maintenance
        • Select System
        • On the left select Advanced System Settings and accept the warning if you get one
        • Select System Protection Tab
        • Select Create at the bottom
        • Type in a name i.e. Clean
        • Select Create
        Now we can purge the infected ones
        • Go back to the System and Maintenance page
        • Select Performance Information and Tools
        • On the left select Open Disk Cleanup
        • Select Files from all users and accept the warning if you get one
        • In the drop down box select your main drive i.e. C
        • For a few moments the system will make some calculations
        • Select the More Options tab
        • In the System Restore and Shadow Backups select Clean up
        • Select Delete on the pop up
        • Select OK
        • Select Delete
        You are now done

        To remove all of the tools we used and the files and folders they created, please do the following:
        Please download OTC.exe by OldTimer:
        • Save it to your Desktop.
        • Double click OTC.exe.
        • Click the CleanUp! button.
        • If you are prompted to Reboot during the cleanup, select Yes.
        • The tool will delete itself once it finishes.
        Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

        ==

        Please download TFC by OldTimer to your desktop
        • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
        • It will close all programs when run, so make sure you have saved all your work before you begin.
        • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
        • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
        ==

        Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
        • Save it to your Desktop.
        • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
        • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
        Here are the results

        Results of screen317's Security Check version 0.99.1
        Windows Vista Service Pack 1 (UAC is enabled)
        Out of date service pack!!
        ``````````````````````````````
        Antivirus/Firewall Check:

        Windows Firewall Enabled!
        Antivirus out of date!
        ``````````````````````````````
        Anti-malware/Other Utilities Check:

        Spy Sweeper
        SUPERAntiSpyware Free Edition
        Java(TM) SE Runtime Environment 6
        Adobe Flash Player 10
        Adobe Reader 8.1.2
        Out of date Adobe Reader installed!
        ``````````````````````````````
        Process Check:
        objlist.exe by Laurent

        Windows Defender MSASCui.exe
        ``````````````````````````````
        DNS Vulnerability Check:

        GREAT! (Not vulnerable to DNS cache poisoning)

        `````````End of Log```````````
        Please consider updating to Windows Vista Service Pack 2 (SP2).
        Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
        It is now available via Windows Update or as a standalone installation here.

        ==

        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.

        ==

        Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

        Software recommendations

        Antivirus/Antispyware
        • Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
        • AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
        Firewall
        • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
        • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
        • PC Tools Firewall Plus: free and excellent firewall.
        Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

        Resident Protection help
        A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

        Rogue programs help
        There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
        http://www.spywarewarrior.com/rogue_anti-spyware.htm

        Securing your computer
        • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
        • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
        Please consider using an alternate browser
        Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

        If you are interested:
        See this page for more info about malware and prevention.

        Sounds good. Thanks for all the help, you're great!

        You're welcome.

        Hello, your comment has been removed. Please post a new topic in the Computer Virus and Spyware Removal forum if you need help.

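The HOSTS-file blocking described in the reply above (listed names pointed at 127.0.0.1) can be checked after installing such a list. The following is an added example, not part of the original thread or of hpHosts: it parses HOSTS content and separates names that are sinkholed locally from names that are sent to some other address. The sample content, names and addresses are constructed for illustration.

```python
"""Audit a HOSTS file: which names are sinkholed, which are redirected elsewhere."""
import ipaddress

# Constructed sample content; names and addresses are made up for this example.
SAMPLE_HOSTS = """\
# comment-only line
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.net tracker.example.net   # two names on one line
0.0.0.0      banner.example.org
127.0.0.1    ADS.EXAMPLE.NET.
203.0.113.7  update.example.com
198.51.100.9 banner.example.org
not-an-ip    broken.example.com
127.0.0.1
"""

# Names that are expected to map to loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (entries, malformed); entries are (line_no, ip, name) tuples."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)            # first field is not an address
            continue
        if len(fields) < 2:
            malformed.append(line_no)            # address with no hostname
            continue
        for name in fields[1:]:
            # Hostnames compare case-insensitively; ignore a trailing root dot.
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries, malformed


def is_sink(ip):
    """True for addresses that never leave the machine (loopback, 0.0.0.0, ::)."""
    return ip.is_loopback or ip.is_unspecified


def audit(text):
    """Classify every non-local name by where its HOSTS entries point."""
    entries, malformed = parse_hosts(text)
    targets = {}
    for _, ip, name in entries:
        if name not in LOCAL_NAMES:
            targets.setdefault(name, set()).add(ip)

    report = {"blocked": [], "redirected": [], "conflicting": [],
              "malformed_lines": malformed}
    for name in sorted(targets):
        sinks = [is_sink(ip) for ip in targets[name]]
        if all(sinks):
            report["blocked"].append(name)       # blocklist behaviour
        elif not any(sinks):
            report["redirected"].append(name)    # overrides DNS with a real address
        else:
            report["conflicting"].append(name)   # both kinds of entry present
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

Entries reported as redirected or conflicting are the ones to review by hand, since a HOSTS entry takes precedence over DNS for that name.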
        3627.

        Solve : Magic Jack vulnerabilities??

        Answer»

        I didn't know which forum topic to pick so since my question pertains to security, here it is.

        I want to use MG, am I opening up myself to any new viral threats having a phone connection alive all the time?

        I follow your security update protocol suggestions religiously. Do I need to add or know anything different if I add this capability?

        To use it, it requires I Explorer browser open; does my windows firewall protect me? Should I use COMODO free or am I just over reacting?

        Thanx for your advice.



        Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. ~ DragonMaster Jay

        Found a few things.

        http://www.ripoffreport.com/Computer-Fraud/Magic-Jack/magic-jack-warning-dont-buy-in-4cgcb.htm

        http://www.wptv.com/content/investigative/story/Contact-5-Investigation-Magic-Jack/veK8V79B6Uefvc7oedLWTA.cspx

        I also found positive reviews from a few trusted sources so it might be a case of having to see for yourself.

        I think the positive reviews outweigh the negative.

        My question is; by using 'MJ' does it pose any new personal security risks to me as a web connection by using it?

        Is my PC vulnerable because MJ is connected? Of course MJ itself could be hacked. Is it the firewall that protects the user?

        Thanks.

        T

        It looks like the main problem people have is that they didn't have enough money in their bank accounts when the company made an authorization. Whenever considering a service, especially one that uses your credit card or bank account, it is important to check their FAQ's. And the MagicJack site does indeed say that they will likely place a hold on your account, so make sure you have the funds available. If you're not satisfied with the product, you can ship it back before the trial is over and the hold will be removed. The money is not actually processed until after the trial (and if you have decided to keep it).

        As far as I know, there shouldn't be any security concerns with using a product like this. At least no more than any other wireless connection. You should, however, be aware of their advertising policy:

        Quote

        11. Advertisements
        You also understand and agree that use of the magicJack device and Software will include advertisements. Advertisements will be served through the magicPage™ Software or the magicJack softphone - the software/softphone attempts to serve local advertisements and classifieds using a completely automated process that enables us to effectively target dynamically changing content. Our computers may analyze the phone numbers you call and your registration information in order to improve the relevance of the ads. We do not provide any personal information to our advertisers or third parties. magicJack has a policy of restricting advertisers that it believes are inappropriate, but it does not guarantee the accuracy or integrity of any advertisers and does not endorse any of the advertisements that may appear in connection with use of the magicJack device. You also understand and agree that use of the magicJack device and Software may include certain communications, such as service announcements, administrative messages and newsletters, and you will not be able to opt out of receiving them.

        Quote
        19. Automatic Updates
        The magicJack device and/or Software may communicate with magicJack's servers to check for available updates to the Software and/or magicPage™, including bug fixes, patches, missing plug-ins and new versions (collectively, "Updates"), however magicJack has no obligation to provide you with such Updates and we do so solely at our option. Updates do not include access to the Upgraded Software described in Section 5 above. To ensure that you have the most recent Updates for the Software you should periodically visit http://www.magicJack.com to check for Updates. magicJack may send and access magicJack cookies on your computer. A "cookie" is a small file containing information about you that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize such things as your browser, user preferences and other information to optimize the performance of magicJack. During the Update process, the Software may send to magicJack or its partners a request for the latest Software version. By installing the magicJack Software, you hereby agree to allow magicJack the option to automatically provide Updates from magicJack and/or its partners' servers.


        Also, it may be worth noting that they are not required to provide you with emergency phone services, such as the ability to call 911. They do provide this service, but they can stop doing so at any time.

        You are also not guaranteed to receive incoming calls. They will attempt to provide you with a phone number, but if they are unable to do so for any reason, you will only be able to make outgoing calls...
        Quote
        3. Internet Communications Feature
        a) Incoming Calls:

        When you first register, as part of the available features, you may elect to choose a unique phone number, which will allow you to receive free phone calls over the Internet. The phone number chosen will be allocated provided we determine that it is legally permissible. If you are eligible for a phone number, it will be allocated to you as soon as reasonably possible after we have received your request. YMAX Communications Corporation may be the provider of your phone number and/or inbound calls. We do not guarantee that a requested phone number can be allocated to you or that you can make use of the incoming call feature. The allocation of a phone number to you does not constitute any transfer of title, ownership, license or other rights with regard to the phone number; and the phone number is not portable to other service providers. We may, without any liability, refuse, change or terminate any phone number at anytime. If we change the phone number that has been allocated to you, we will notify you, stating the effective date of the change and your new phone number. If you do not wish to accept this new phone number, you are entitled to cancel this Agreement; however, you will not be eligible for any refund unless you terminate the Agreement within 30 days of purchase of the magicJack device and qualify for a refund as further described in Section 2 of this Agreement. We will not be liable for any damages resulting from the change of the phone number.
        3628.

        Solve : Problems with opening up my programs?

        Answer»

        Malwarebytes' Anti-Malware 1.44
        Database version: 3667
        Windows 6.0.6001 Service Pack 1
        Internet Explorer 7.0.6001.18000

        1/02/2010 7:41:43 AM
        mbam-log-2010-02-01 (07-41-43).txt

        Scan type: Full Scan (C:\|D:\|E:\|)
        Objects scanned: 316142
        Time elapsed: 3 hour(s), 1 minute(s), 6 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 1
        Registry Values Infected: 0
        Registry Data Items Infected: 1
        Folders Infected: 0
        Files Infected: 1

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        C:\Users\Geoorgina\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Delete on reboot.
        Computer is running fine from what I can tell so far. No Vista Anti-Virus 2010 alerts have appeared and I am able to run my programs easily.

        Ok. Let's clean up, then all good.

        To manually create a new Restore Point

        • Go to Control Panel and select System and Maintenance
        • Select System
        • On the left select Advanced System Settings and accept the warning if you get one
        • Select System Protection Tab
        • Select Create at the bottom
        • Type in a name i.e. Clean
        • Select Create
        Now we can purge the infected ones
        • Go back to the System and Maintenance page
        • Select Performance Information and Tools
        • On the left select Open Disk Cleanup
        • Select Files from all users and accept the warning if you get one
        • In the drop down box select your main drive i.e. C
        • For a few moments the system will make some calculations
        • Select the More Options tab
        • In the System Restore and Shadow Backups select Clean up
        • Select Delete on the pop up
        • Select OK
        • Select Delete
        You are now done

        To remove all of the tools we used and the files and folders they created, please do the following:
        Please download OTC.exe by OldTimer:
        • Save it to your Desktop.
        • Double click OTC.exe.
        • Click the CleanUp! button.
        • If you are prompted to Reboot during the cleanup, select Yes.
        • The tool will delete itself once it finishes.
        Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

        ==

        Please download TFC by OldTimer to your desktop
        • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
        • It will close all programs when run, so make sure you have saved all your work before you begin.
        • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
        • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
        ==

        Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
        • Save it to your Desktop.
        • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
        • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
        Results of screen317's Security Check version 0.99.1
        Windows Vista Service Pack 1 (UAC is enabled)
        Out of date service pack!!
        ``````````````````````````````
        Antivirus/Firewall Check:

        Windows Firewall Enabled!
        AVG Free 8.5
        Antivirus up to date!
        ``````````````````````````````
        Anti-malware/Other Utilities Check:

        Java(TM) 6 Update 5
        Out of date Java installed!
        Adobe Flash Player 10
        Adobe Reader 9
        ``````````````````````````````
        Process Check:
        objlist.exe by Laurent

        Windows Defender MSASCui.exe
        ``````````````````````````````
        DNS Vulnerability Check:

        GREAT! (Not vulnerable to DNS cache poisoning)

        `````````End of Log```````````
        Please consider updating to Windows Vista Service Pack 2 (SP2).
        Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
        It is now available via Windows Update or as a standalone installation here.

        =====

        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.

        ==

        Please download the newest version of Java from Java.com.

        Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

        Once old versions are gone, please install the newest version.

        ==

        Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

        Software recommendations

        Firewall
        • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
        • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
        • PC Tools Firewall Plus: free and excellent firewall.
        AntiSpyware
        • SpywareBlaster
          SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
        • Spybot - Search & Destroy.
          Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
        NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

        Resident Protection help
        A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

        Rogue programs help
        There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
        http://www.spywarewarrior.com/rogue_anti-spyware.htm

        Securing your computer
        • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
        • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
        Please consider using an alternate browser
        Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

        If you are interested:
        See this page for more info about malware and prevention.

        So you don't need any more info about my computer after I've updated adobe and Java?
        I already use Mozilla and have the Firewall.

        No more info.

        Alrighty, Thank you again for everything!

        You're welcome.

        3629.

        Solve : UACD.sys infection?

        Answer»

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        KillAll::

        File::
        c:\programdata\h8srtmainqt.dll
        c:\programdata\h8srtkrl32mainweq.dll

        SecCenter::
        {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}


        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

        --------------------------------------------------------------------------------

        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.

        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.
        4. Run CCleaner.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

        Hi SD

        I have run all things, all seems to be fine now. I have attached the combofix log.
        FYI I had the latest version of Java. I've deleted the old ones though.

        Thanks

        Olivier

        [Saving space, attachment deleted by admin]

        ESET Online Scan

        Scan your computer with the ESET FREE Online Virus Scan

        * Click the ESET Online Scanner button.

        * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
        * Double click on the esetsmartinstaller_enu.exe icon on your desktop. (Vista users: Right-click & run as Administrator)
        * Place a check mark next to YES, I accept the Terms of Use.

        * Click the Start button.
        * Accept any security warnings from your browser.
        * Leave the check mark next to Remove found threats and place a check next to Scan archives.
        * Click the Start button.
        * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
        * When the scan completes, click List of found threats.
        * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
        * Click the <<Back button then click Finish.

        In your next reply please include the ESET Online Scan Log

        Hi SD,

        Am in the middle of moving so unable to connect to the internet from my new place just yet.

        I've run the online scan ESET and SuperAntiSpyware for fun...I have attached both logs fyi.

        [Saving space, attachment deleted by admin]

        All the logs look good. If there are no other issues, let's do some clean-up. You can uninstall HJT and ESET but you may keep SAS and MBAM. Update them and run them every so often depending on your internet activity.

        * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
        * Now type Combofix /uninstall in the runbox
        * Make sure there's a space between Combofix and /Uninstall
        * Then hit Enter

        * The above procedure will:
        * Delete the following:
        * ComboFix and its associated files and folders.
        * Reset the clock settings.
        * Hide file extensions, if required.
        * Hide System/Hidden files, if required.
        * Set a new, clean Restore Point.

        Download OTC by OldTimer and save it to your desktop.

        1. Double-click OTC to run it.
        2. Click the CleanUp! button.
        3. Select Yes when the "Begin cleanup Process?" prompt appears.
        4. If you are prompted to Reboot during the cleanup, select Yes
        5. OTC should delete itself once it finishes, if not delete it yourself.

        Clean out your temporary internet files and temp files.

        Download TFC by OldTimer to your desktop.

        Double-click TFC.exe to run it.

        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

        TFC will close all programs when run, so make sure you have saved all your work before you begin.

        * Click the Start button to begin the cleaning process.
        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
        * Please let TFC run uninterrupted until it is finished.

        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

        Looking over your log it seems you don't have any evidence of a third party firewall.

        Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

        Remember only install ONE firewall

        1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
        2) Online Armor
        3) Agnitum Outpost
        4) PC Tools Firewall Plus

        If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

        Use the Secunia Software Inspector to check for out of date software.

        •Click Start Now

        •Check the box next to Enable thorough system inspection.

        •Click Start

        •Allow the scan to finish and scroll down to see if any updates are needed.
        •Update anything listed.
        ----------

        Go to Microsoft Windows Update and get all critical updates.

        ----------

        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

        SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
        * Using SpywareBlaster to protect your computer from Spyware and Malware
        * If you don't know what ActiveX controls are, see here

        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

        Thanks SD for your help, everything is running smoothly now.
        I have the bitdefender total security 2010 firewall, isn't it sufficient? It was probably turned off when the log was created but it's normally always on!

        That sounds good. Safe Surfing.

        3630.

        Solve : Spyware and malware help logs?

        Answer»

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 12/03/2009 at 01:58 AM

        Application Version : 4.27.1002

        Core Rules Database Version : 4330
        Trace Rules Database Version: 2185

        Scan type : Complete Scan
        Total Scan Time : 01:56:37

        Memory items scanned : 561
        Memory threats detected : 0
        Registry items scanned : 8191
        Registry threats detected : 0
        File items scanned : 185677
        File threats detected : 0



        Malwarebytes' Anti-Malware 1.41
        Database version: 3285
        Windows 6.0.6001 Service Pack 1

        12/3/2009 1:33:56 PM
        mbam-log-2009-12-03 (13-33-56).txt

        Scan type: Full Scan (C:\|J:\|)
        Objects scanned: 312411
        Time elapsed: 54 minute(s), 51 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)




        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 1:50:15 PM, on 12/3/2009
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v7.00 (7.00.6001.18319)
        Boot mode: Normal

        Running processes:
        C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
        C:\Program Files (x86)\AIM6\aim6.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files (x86)\SafeConnect\scClient.exe
        C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
        C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
        C:\Program Files (x86)\MagicDisc\MagicDisc.exe
        C:\Program Files (x86)\iTunes\iTunesHelper.exe
        C:\Program Files (x86)\AVG\AVG9\avgtray.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
        C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
        C:\Program Files (x86)\Java\jre6\bin\jusched.exe
        C:\Program Files (x86)\AIM6\aolsoftware.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
        C:\Program Files (x86)\BitTorrent\BitTorrent.exe
        C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Windows\SysWOW64\notepad.exe
        C:\Windows\SysWOW64\NOTEPAD.EXE
        C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
        C:\Windows\SysWOW64\NOTEPAD.EXE
        C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        F2 - REG:system.ini: UserInit=userinit.exe
        O1 - Hosts: ::1 localhost
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
        O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
        O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
        O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
        O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
        O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
        O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
        O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
        O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
        O4 - HKCU\..\Run: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
        O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
        O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files (x86)\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: SafeConnect.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
        O13 - Gopher Prefix:
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: 1244163591SsTR (.1244163591SsTR) - Unknown owner - C:\ProgramData\Webroot\Kyle084408.exe
        O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
        O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
        O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
        O23 - Service: Bonjour Service - Unknown owner - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (file missing)
        O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
        O23 - Service: GameConsoleService - Unknown owner - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (file missing)
        O23 - Service: HP Health Check Service - Unknown owner - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
        O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
        O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
        O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
        O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
        O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
        O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files (x86)\SafeConnect\scManager.sys servicestart (file missing)
        O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
        O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
        O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
        O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
        O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

        --
        End of file - 10516 bytes
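
A triage pass over a HijackThis log like the one above, as an added example that is not part of the original post or of HijackThis itself. The function and category names are this example's own, and it assumes that "(file missing)" on a System32 path in a log from a 64-bit system (one showing `Program Files (x86)` paths) comes from the 32-bit scanner being redirected away from the real System32 rather than from a deleted file; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Running processes:
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - Global Startup: SafeConnect.lnk = ?
O23 - Service: 1244163591SsTR (.1244163591SsTR) - Unknown owner - C:\ProgramData\Webroot\Kyle084408.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O23 - Service: ..."
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def parse(log):
    """Return [(code, body), ...] for every coded entry (R0, F2, O4, O23, ...)."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_wow64_host(log):
    """A 'Program Files (x86)' path only exists on 64-bit Windows."""
    return "\\Program Files (x86)\\" in log


def triage(log):
    """Group entries worth a second look; everything else is left unlisted."""
    wow64 = is_wow64_host(log)
    findings = defaultdict(list)
    for code, body in parse(log):
        if code in ("O2", "O3", "O9") and body.endswith("(no file)"):
            # Browser add-on still registered, but its DLL is gone.
            findings["orphaned-registry-entry"].append(body)
        elif code == "O4" and body.endswith("= ?"):
            # Startup shortcut whose target the scanner could not resolve.
            findings["unresolved-startup-shortcut"].append(body)
        elif code == "O23":
            # Body layout: "Service: <name> - <owner> - <path>[ (file missing)]"
            parts = body.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            if path.endswith("(file missing)"):
                if wow64 and SYSTEM32.match(path):
                    # Assumption: 32-bit scanner redirected on 64-bit Windows.
                    findings["likely-wow64-artifact"].append(name)
                else:
                    findings["missing-binary"].append(name)
            elif owner == "Unknown owner":
                # Binary exists but no vendor name was reported for it.
                findings["present-no-vendor"].append(name)
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

A service in the `present-no-vendor` group, such as the randomly named one running from `C:\ProgramData`, is the kind of entry to verify first; a `likely-wow64-artifact` result is best confirmed once with a native 64-bit tool.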

        3631.

        Solve : Internet redirection persists.?

        Answer»

        I went through all of the steps and still I am getting redirected. I downloaded and installed Firefox to see if IE was corrupted, but the redirection happens on Firefox also. The computer also seems to run slow, and I hear a lot of hard disk activity. Here are my logs.

        Thanks in advance.

        Regnistep

        [Saving space, attachment deleted by admin]

        1. Go to start run, type %temp% , ok , del all the folders/files in that folder
        2. Go to start run, type prefetch , ok then del all the folders/files in that folder
        3. Empty recycling bin
        4. Download and install spybot http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html . scan for updates, then check for problems and then remove what it has found. (watch the video for more info)
        5. Restart Computer
        6. Download and install regsofts http://www.regsofts.com/ (do a full scan, then click fix errors) then restart computer

        If that still does not fix your problem install an antivirus scanner (if you do not already have one). Avast or avg is recommended and are both free. (Remember only one antivirus scanner per computer)

        If steps 1-6 did not fix your problem, I will help you with the next steps.

        I got as far as the Spybot step, and now the computer is turning itself off and offering me 30 seconds to select safe mode, and then it shuts down and restarts the whole process again. I turned the power off to stop this endless cycle. Any clue on what to do now?

        Hello regnistep!! I will be handling your case under the supervision of Malware Removal Expert Evilfantasy.

        A few things before we start....
        1. Please Read All Instructions Carefully.
        2. If you don't understand something, stop and ask! Don't keep going on.
        3. Please do not run any other tools or scans whilst I am helping you.
        4. If you have to go away for an extended period of time, let me know.
        5. Please continue to respond until I give you the "All Clear".
        (Just because you can't see a problem doesn't mean it isn't there)



        1) Have "HijackThis" fix the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close "HijackThis". Please close any open programs before doing this fix.


        Quote

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


        2) Malwarebyte Antimalware is already installed in your system. Perform a full scan with it as follows. Make sure it is updated before performing a scan.


        * Open Malwarebyte Antimalware. Under the "Scanner" tab, select "Perform Full Scan" and click "Scan". In the dialog box place a tick mark next to all your local drives (Earlier you scanned only C drive. Malware can reside in other drives as well.)

        * Now click "Start Scan".

        * The scan may take some time to finish, so please be patient.

        * When the scan is complete, click OK, then Show Results to view the results.

        * Make sure that everything is checked, and click Remove Selected.

        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

        * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

        * Copy&Paste the entire report in your next reply.

        PLEASE NOTE:
        If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately.


        3) Next download RootRepeal.rar and unzip it to your Desktop. You'll need WinRAR to extract it

        * Double click RootRepeal.exe to start the program
        * Click on the Report tab at the bottom of the program window
        * Click the Scan button
        * In the Select Scan dialog, check:
        o Drivers
        o Files
        o Processes
        o SSDT
        o Stealth Objects
        o Hidden Services
        * Click the OK button
        * In the next dialog, select all drives showing
        * Click OK to start the scan


        The scan can take some time. DO NOT run any other programs while the scan is running
        * When the scan is complete, the Save Report button will become available
        * Click this and save the report to your Desktop as RootRepeal.txt
        * Go to File, then Exit to close the program
        *Attach this log in your next post.

        4) Download[ DDS by sUBs to your desktop.
        Your antivirus software might question the file. If it does, allow it.

        * Double click DDS.scr to run it and wait for the scan to finish
        * When finished DDS.txt will open
        * A small while later, a prompt will open. Answer Yes
        * DDS will continue scanning
        * When done, Attach.txt will open

        Copy and paste the DDS.txt and attach Attach.txt

        3632.

        Solve : spyware and whatnot problems?

        Answer» I'm going through the steps on the malware help forum and in running CCleaner it says to keep any cookies that I want... are there any that I should definitely keep?

        If you delete all the cookies, you will have to sign in to any forum (such as this one) that you are currently signed into. Keep the cookies for those forums/sites where you have to log in. Cookies just let you connect to sites more quickly.
        3633.

        Solve : where can i get good firewall??

        Answer»

        I'm using Win XP 2, I need a good firewall. Can someone tell me where I can get a firewall from any sharing site? I'm using NOD32 v4, it doesn't have a firewall. Thanks.

        I assume you are not using a router?

        A good software firewall is Online Armor. There are free and paid versions.

        The difference between free and paid is that the free version has no automatic update check and is missing the features which your NOD32 AV should cover.




        If you update (recommended) to SP3 you will then have a good firewall.

        3634.

        Solve : Help much appreciated - virus/malware issues?

        Answer»

        Hi anyone willing to help,

        I will now try to describe any relevant background and symptoms. The log files are pasted in the end. Any hint would be much appreciated.

        Background:
        - bought a second-hand laptop about a year ago via Ebay from a guy with a huge number of positive ratings (D610, 2GHz, 2GB RAM, 75GB HD)
        - legitimate copies of Windows XP Pro 2002, Office and others installed, no install CD-s (that's why I'm here, otherwise would have formatted the hard drive and re-installed)
        - installed SP3 and all security updates
        - was stupid enough to install a crack to Eset Nod32 antivirus right after buying called TemDono or something, gives 31days to expiry until 2050, for a year everything has been fine, though (now uninstalled both Nod32 and the crack, no more cracked programs on the computer)
        - maybe three weeks or so ago my partner started to download movies via BitTorrent
        - Nod32 recognized some movie files as trojan downloaders and terminated downloads
        - I think its log said it also prevented running others that were already downloaded
        - some movies wouldn't start but just said 'use Windows Media Player'
        - around about then all the funny stuff started (see description below)
        - no entertainment has been downloaded since
        - did all the 'Malware Removal Steps' demanded

        Symptoms:
        - takes much longer than before to reboot, lots of hard disk activity; also playing the windows tune at reboot is interfered with lots of hard disk activity and doesn't play smoothly
        - starting a web browser first time after reboot takes long
        - before installing AntiVir got Windows Security Center warning about firewall being turned off, clicked the balloon and it appeared on
        - before installing AntiVir did not get Windows update notifications (it's set to ask before downloading and installing), afterwards seen it twice showing 0% downloaded without asking for permission and then disappearing
        - Spy Sweeper fails to contact its server (it's outdated, could that be the reason?)
        - Spy Sweeper once said it blocked something trying to access spysherrif.com while I hadn't even touched the computer for a couple minutes; Firefox was probably open then
        - Sysinternals Autoruns didn't show anything I would consider suspicious
        - Sysinternals RootkitRevealer showed:
        * HKU\S-1-5-21-1202660629-1844823847-1417001333-1008\Software\Skype\Toolbars\Firefox\ExtensionVersion
        'mismatch between Windows API and raw hive data' - which I deleted but it came back
        * HKLM\SECURITY\Policy\Secrets\SAC* and ...SAI*
        'Key name contains embedded nulls (*)'
        * Local Settings\Application Data\Mozilla\Firefox\Profiles\b3vfslns.default\Cache\...
        many files 'Hidden from Windows API' and 'Visible in Windows API, but not in MFT or directory index' - I deleted all cache
        - RootkitRevealer log files invisible (not hidden) on the desktop, even if 'Desktop' opened from Windows Explorer, only visible if 'Save' dialog box opened from RootkitRevealer and accessible via right click from there
        - logged on under my partners account some hard disk and modem activity when idle and all unnecessary resident programs such as Messenger, Skype, etc. turned off, this didn't happen before
        - 'Ethernet' light sometimes flashing on the modem when computer turned off, never happened before

        Logs:

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 12/04/2009 at 02:46 PM

        Application Version : 4.31.1000

        Core Rules Database Version : 4334
        Trace Rules Database Version: 2188

        Scan type : Complete Scan
        Total Scan Time : 02:44:26

        Memory items scanned : 494
        Memory threats detected : 0
        Registry items scanned : 6981
        Registry threats detected : 0
        File items scanned : 48447
        File threats detected : 4

        Adware.Tracking Cookie
        C:\Documents and Settings\user1\Cookies\[emailprotected][1].txt
        C:\Documents and Settings\user1\Cookies\[emailprotected][2].txt
        C:\Documents and Settings\user1\Cookies\[emailprotected][2].txt
        C:\Documents and Settings\user1\Cookies\[emailprotected][2].txt


        Malwarebytes' Anti-Malware 1.42
        Database version: 3291
        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        12/4/2009 3:28:40 PM
        mbam-log-2009-12-04 (15-28-40).txt

        Scan type: Quick Scan
        Objects scanned: 123052
        Time elapsed: 16 minute(s), 1 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 3:34:30 PM, on 12/4/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal


        3635.

        Solve : INTERNET EXPLORER AND APPS HANG, RUNNING SUPER SLOW, TRIED EVERYTHING?

        Answer»

        I’ve spent hours and hours trying everything I can think of from defragging to deleting temp Internet files to deleting browser add-ons, uninstalling unneeded programs, running anti-virus, anti-spy, anti-mal countless times, and on and on but my pc is STILL running SUPER SLOW- applications hang constantly, especially Internet Explorer 8 – I get "Not Responding" dozens of times per session – many times I can’t close web sites that are "Not Responding", not even with Task Manager – When I’m online, Task Manager always shows there are TWO Internet Explorer processes running, one using around 70, - 95, kb and the other using around 10, - 14, kb. Symptoms seem to get worse at night after being on the Internet for a while.

        Don’t know if this is related but it started around the same time. When I boot up now it doesn’t go directly to Windows anymore. It stops at the first black screen and prompts me to press F-1 before it will continue.

        I run anti-virus AVG 9 everyday, and keep it updated. (This may be of interest) > A couple of days ago when I ran AVG 9 in Safe Mode, I had to click on it 4-5 times before it would open.
        When it finished running there was a message that said "Scan log was repaired". It showed zero "threats" but "found" was 139. Which turned out to be 139 locked files that couldn’t be scanned. Most of which seemed to be music files. I noticed them in the recycle bin when I emptied it. Hope that got rid of them.

        I run Wise Registry Cleaner and Wise Disk Cleaner on a regular basis.
        I just switched from AdAware to SuperAntiSpyware and Malwarebytes because the new AdAware installed itself as a "service" and ran in the background constantly!

        Someone said the reason my machine is running so slow is because I’ve got a virus/ Trojan/ worm, etc. that is continuously trying to connect with other ISP addresses on the Internet to spread itself. The instructions on how to find it said click:
        Start – Run – at command prompt type: "Netstat – no" – Find the process with a large number of open connections that are not yet established – HOWEVER when I type "Netstat – no" and hit enter, the screen shows itself for a tenth of a second and then it’s GONE! This happened repeatedly and still happens.

        I’m so sick of "Not Responding", "End Now", "You chose to end the Non Responsive program ___, Tell Microsoft about it" and I’m tired of falling asleep waiting for a web site to open or to close. I’m so frustrated! I’ve done everything I can think of! Any help you can provide would be greatly appreciated!

        I’ve done all the initial stuff, and the HJT Log tool showed “No Threats”, I just don’t know what else to do!
        I’m posting the three logs below in hopes that SOMEONE can please help.
        Thank you all for being here for us.

        Sincerely,

        “Hawk”


        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 11/26/2009 at 09:46 PM

        Application Version : 4.31.1000

        Core Rules Database Version : 4314
        Trace Rules Database Version: 2177

        Scan type : Complete Scan
        Total Scan Time : 00:54:04

        Memory items scanned : 385
        Memory threats detected : 0
        Registry items scanned : 4316
        Registry threats detected : 0
        File items scanned : 28732
        File threats detected : 12

        Adware.Tracking Cookie
        C:\Documents and Settings\Tim\Cookies\[emailprotected][1].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][2].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][2].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][2].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][1].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][3].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][1].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][2].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][1].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][2].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][2].txt
        C:\Documents and Settings\Tim\Cookies\[emailprotected][1].txt

        _________________________________ 0 ________________________________


        Malwarebytes' Anti-Malware 1.41
        Database version: 3240
        Windows 5.1.2600 Service Pack 3

        11/26/2009 10:26:51 PM
        mbam-log-2009-11-26 (22-26-51).txt

        Scan type: Quick Scan
        Objects scanned: 118051
        Time elapsed: 10 minute(s), 43 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


        ___________________________ 0 _____________________________


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 11:10:32 PM, on 11/26/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal



        A Google search revealed the following:

        Anyone noticed that in WindowsXP, IE8 runs TWO iexplore.exe in Task Manager?

        The first process can use up to 80,000K of memory and the second copy can use 16,000K. I feel like 96,000K is a lot of memory for IE, especially when a friend who has Windows7 says his IE8 only uses 5-15,000K.

        At first I thought it was malware because it was using so much memory. I exhausted myself running all kinds of scans to get rid of it only to realize it was IE8 itself. I was informed recently, it's because of the Tabs feature and crash recovery. When I uninstalled IE8 and went back to IE7, the problem stopped.

        Just something interesting that might save others the frantic search to root out adware. I suppose the bottom line is DO NOT USE IE8 on WinXP.



        So I plan on reverting back to ie7. I'll let you know how that works out.




        "Hawk"
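The check described in the post above (find the process with many connections that are not yet established) can be run over `netstat -no` output saved to a text file. This is an added example, not part of the original post: the sample output is constructed, and the threshold of 5 pending connections is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Windows `netstat -no` output. Addresses come from the
# documentation ranges and the PIDs are made up; none of it is from the post.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1031      203.0.113.10:80        ESTABLISHED     3120
  TCP    192.168.1.20:1032      203.0.113.10:80        ESTABLISHED     3120
  TCP    192.168.1.20:1040      203.0.113.25:443       SYN_SENT        3120
  TCP    192.168.1.20:1101      198.51.100.11:445      SYN_SENT        1832
  TCP    192.168.1.20:1102      198.51.100.12:445      SYN_SENT        1832
  TCP    192.168.1.20:1103      198.51.100.13:445      SYN_SENT        1832
  TCP    192.168.1.20:1104      198.51.100.14:445      SYN_SENT        1832
  TCP    192.168.1.20:1105      198.51.100.15:445      SYN_SENT        1832
  TCP    192.168.1.20:1106      198.51.100.16:445      SYN_SENT        1832
  TCP    192.168.1.20:1050      203.0.113.40:80        TIME_WAIT       0
"""

# One TCP row: protocol, local endpoint, remote endpoint, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z0-9_]+)\s+(\d+)\s*$")


def parse_netstat(text):
    """Return one dict per TCP row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            local, remote, state, pid = match.groups()
            rows.append({"local": local, "remote": remote,
                         "state": state, "pid": int(pid)})
    return rows


def pending_by_pid(rows, threshold=5):
    """Report PIDs holding at least `threshold` connections in SYN_SENT.

    SYN_SENT is the "not yet established" state: the host sent a SYN and
    has had no answer. A few are normal; many at once, to many different
    hosts on the same port, is the pattern worth investigating.
    """
    pending = defaultdict(list)
    for row in rows:
        if row["state"] == "SYN_SENT":
            pending[row["pid"]].append(row["remote"])

    report = []
    for pid, remotes in pending.items():
        if len(remotes) < threshold:
            continue
        hosts = {remote.rpartition(":")[0] for remote in remotes}
        ports = Counter(remote.rpartition(":")[2] for remote in remotes)
        report.append({
            "pid": pid,
            "pending": len(remotes),
            "distinct_hosts": len(hosts),
            "top_port": ports.most_common(1)[0][0],
        })
    # Busiest process first.
    return sorted(report, key=lambda item: item["pending"], reverse=True)


if __name__ == "__main__":
    for item in pending_by_pid(parse_netstat(SAMPLE_NETSTAT)):
        print("PID {pid}: {pending} pending connections to "
              "{distinct_hosts} hosts, mostly port {top_port}".format(**item))
```

The reported PID can then be matched to an image name in Task Manager's PID column.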

        3636.

        Solve : pqrs.tmo??

        Answer» Fabulous, big final thank you! :-)
        3637.

        Solve : Advice for viruses (logs attached)?

        Answer»

        Hi,

        I began with receiving the warning "C:/windows/sysvxd.exe" has encountered an illegal instruction. After going through the malware removal steps shown here, I have attached the following logs. Any help or advice is much appreciated.

        thank you,
        paul

        Super Spyware log:

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 12/05/2009 at 00:17 AM

        Application Version : 4.31.1000

        Core Rules Database Version : 4338
        Trace Rules Database Version: 2191

        Scan type : Complete Scan
        Total Scan Time : 01:56:24

        Memory items scanned : 656
        Memory threats detected : 0
        Registry items scanned : 5691
        Registry threats detected : 45
        File items scanned : 78078
        File threats detected : 277

        Trojan.Agent/Gen
        [SVCHOST.EXE] C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
        C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
        C:\WINDOWS\Prefetch\SVCHOST.EXE-060F5E7E.pf

        Adware.Vundo/Variant
        HKLM\Software\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}
        HKCR\CLSID\{ABD42510-9B22-41CD-9DCD-8182A2D07C63}
        HKCR\CLSID\{ABD42510-9B22-41CD-9DCD-8182A2D07C63}
        HKCR\CLSID\{ABD42510-9B22-41CD-9DCD-8182A2D07C63}\InProcServer32
        HKCR\CLSID\{ABD42510-9B22-41CD-9DCD-8182A2D07C63}\InProcServer32#ThreadingModel
        C:\WINDOWS\SYSTEM32\IEHELPER.DLL
        HKU\S-1-5-21-1836684253-2491509165-1213832413-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ABD42510-9B22-41CD-9DCD-8182A2D07C63}

        Adware.SysGuard/FakeAlert
        HKU\S-1-5-21-1836684253-2491509165-1213832413-1006\Software\Microsoft\Windows\CurrentVersion\Run#SYSTEM tool [ C:\WINDOWS\sysguard.exe ]

        Rogue.Agent/Gen
        HKU\S-1-5-21-1836684253-2491509165-1213832413-1006\SOFTWARE\AVSCAN

        Adware.Tracking Cookie
        .insightexpressai.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .insightexpressai.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .insightexpressai.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .insightexpressai.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .insightexpressai.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .insightexpressai.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .imrworldwide.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .imrworldwide.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        www.etracker.de [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .interclick.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        www.zanox-affiliate.de [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .eb.adbureau.net [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .247realmedia.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .247realmedia.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .247realmedia.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .adinterax.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .adinterax.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .killerdana.112.2o7.net [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        cct.clickable.net [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .canadapost.112.2o7.net [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .thefind.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .thefind.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .thefind.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .thefind.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .trafficmp.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .trafficmp.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .burstnet.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .burstnet.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .www.burstnet.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .trafficmp.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .rogersmedia.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .analytics.rogersmedia.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .shared.rogersmedia.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .hitbox.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .ehg-corusentertainment.hitbox.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .ehg-corusentertainment.hitbox.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .smartadserver.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .kontera.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .kontera.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .kontera.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        z.blogads.com [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]
        .videoegg.adbureau.net [ C:\Documents and Settings\Paul Willson\Application Data\Mozilla\Firefox\Profiles\6eaziln4.default\cookies.txt ]

        Trojan.Agent/Gen-ImageDocFake
        C:\WINDOWS\6878403.DOC
        C:\WINDOWS\7418649.DOC

        Trojan.Dropper/Win-NV
        C:\WINDOWS\SYSSVC.EXE

        NEXT LOGS TO FOLLOW
        double post

        3638.

        Solve : Advice for viruses (logs attached) part 2?

        Answer»

        MBAM LOG:
        _________

        Malwarebytes' Anti-Malware 1.42
        Database version: 3298
        Windows 5.1.2600 Service Pack 2
        Internet Explorer 8.0.6001.18702

        05/12/2009 12:43:58 AM
        mbam-log-2009-12-05 (00-43-58).txt

        Scan type: Quick Scan
        Objects scanned: 112211
        Time elapsed: 3 minute(s), 37 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 3
        Folders Infected: 0
        Files Infected: 1

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


        HIJACK THIS LOG:
        ______________

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:59:46 AM, on 05/12/2009
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\WLTRYSVC.EXE
        C:\WINDOWS\System32\bcmwltry.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\system32\WLTRAY.exe
        C:\WINDOWS\stsystra.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Dell\QuickSet\quickset.exe
        C:\WINDOWS\system32\dla\tfswctrl.exe
        C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
        C:\Program Files\Dell\Media Experience\DMXLauncher.exe
        C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
        C:\Program Files\TELUS eCare\bin\mpbtn.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\CTsvcCDA.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
        C:\WINDOWS\system32\sdpasvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\PROGRA~1\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O1 - Hosts: ::1 localhost
        O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
        O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
        O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
        O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
        O1 - Hosts: 91.212.65.122 knocker
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
        O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
        O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
        O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
        O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
        O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
        O4 - HKLM\..\Run: [MOTIVE SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - Global Startup: Digital Line Detect.lnk = ?
        O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
        O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
        O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
        O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

        --
        End of file - 9159 bytes
        double post


        these 2 logs should have been in your first post

        Apparently I exceeded the maximum size for a post with all 3 logs, so I could not post my message in 1 part.

        ok, it's so that you know next time, you should have opened no.1 3 times and posted 3 times if need be

        Sorry, I should have thought of that. Thank you.

        3639.

        Solve : ThreatFire causes Skype to close on its own?

        Answer» Hi!

        Starting yesterday, the Skype on my PC will close automatically after running for a few minutes. I've tried to reinstall it and run a virus scan but it didn't help. Finally, I found a post on the Skype forum which suggests that ThreatFire is the culprit for the issue. And it is true. Problem solved after uninstalling ThreatFire.

        Is this a known issue between the two programs?

        Seems to be confirmed by multiple users at the ThreatFire forum. http://www.pctools.com/forum/showthread.php?t=62659&highlight=skype
        3640.

        Solve : Trojan problems?

        Answer»

        Hello SD,

        thanks for your replies. I'm a bit confused now because your two posts are so completely contrary. Of course I will again change my passwords and look after my credit cards but are you really sure that my pc is safe now? Maybe I should do a re-format?
        And can you explain to me where the trojans found my credit card information? somewhere in the browser? although I used ccleaner quite regularly? I really would like to know better how I can avoid that it happens again.

        Thanx,
        Daniela

        Hello saxophon. As soon as I saw the information about a backdoor trojan in your ESET scan I issued the warning. Afterwards, I spoke to my mentor and he assures me that your computer is safe. Having a good firewall that blocks out-going traffic is one major way of stopping information from your computer getting out. Is it possible that someone was able to steal the information from your credit card in the real world (outside of your computer)? This article will help explain how they work at stealing information.
        Read this article: Danger: Remote Access Trojans.

        3641.

        Solve : Cannot install windows security updates.?

        Answer»

        Try this. How to reset Internet Explorer settings http://support.microsoft.com/kb/923737

        Hi. reset internet explorer as Microsoft bulletin, twice and rebooted between each one, tried to install SP3 and still getting the same installation failed message.

        Gary

        Please do the following:

        1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
        2. Double-click on MGADiag.exe and click Continue
        3. When the program has finished, click on Copy
        4. Post the results in your next reply.

        ----------

        Also try Dial-a-fix.

        Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

        • Open the folder and run Dial-a-fix.exe
        • 2 windows will open. Close the one in the background labeled Restrictive Policies
        • Check the box in section 1, Empty temp folders.
        • Check the box in section 2, Fix Windows Installer.
        • Check the box in section 3, Fix Windows Update.
        • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
        • Check all boxes in section 5, labeled Registration Center.
        • Click Go
        • OK any error messages if received, but write them down and post them here.
        • Restart the computer when done.

        Is the problem fixed?

        Hi Results from MGA scan attached, no threats / faults found on dial a fix, still getting SP3 installation cancelled after rebooting PC, Thanks for your help so far Gary

        [Saving space, attachment deleted by admin]

        Hi just doing a bit of web surfing and came across this site with a repair for windows update do you think it is worth trying? link attached,
        http://windowssecrets.com/2007/09/27/03-Stealth-Windows-update-prevents-XP-repair

        thanks Gary

        Yes that link is worth a try.

        If that doesn't work try starting a new topic in the Computer Help forum so others will reply with some new ideas. I'm sort of out of suggestions.

        OK that link makes no difference, thanks for your help so far, I will raise a new topic and see what can be done.

        Thanks Gary
        3642.

        Solve : F8 doesn't work?

        Answer»

        OK then, but how do you start the recovery console on XP?
        Thanks, Jeff

        =====
        Well, on startup you see the normal screen listing drives for a second, but even if you have F8 down this comes up:

        TRAP 00000006=======EXCEPTION=======
        tr=002 cr0=00000011 cr2=00000000 cr3=00039000
        gdt limit=03FF base=0003F000 idt limit=07FF base=0003F400
        cs:eip=0008:0040737F SS:esp=0010:0005F95C errcode=0000
        flags=00010086 NoCy NoZr IntDis Down TrapDis
        eax=0008000 ebx=00008000 exc=00000000 edx=00480001 ds=0010 es=0010
        edi=88587588 esi=00488000 ebp=0005F978 cr0=80000011 fs=0030 gs=0000

        Allan (Reply #4):
        When did this start?
        Did XP ever boot correctly?
        What is different since the last time it did boot correctly (new hw, sw, virus, error, etc)?
        What type of system?
        Have you run a diagnostic on your ram?
        Have you recently flashed the bios?
        Have you tried booting to the recovery console and running chkdsk /r?

        wombat99 (Topic Starter, Reply #5):
        I think it was a virus last night. XP booted fine before that.
        chkdsk /r ? Don't you have to use an F key to do that? The F keys don't work. I don't know how to do a RAM diagnostic or flash BIOS, but don't you have to use an F key for them, too?
        Thanks for your help, I really appreciate it, Jeff

        Allan (Reply #6):
        No, you do not need F8 for the recovery console. But more important, did you think you should tell us about the virus?

        You need to post in the Virus & Malware section of this forum.
        See the "read this first" post in this forum (it's at the top). Follow all instructions and post the three logs. Then and only then will an expert (not me) be able to help you.

        3643.

        Solve : MSE Antivirus question?

        Answer»

        Hai

        Hope someone can assist. With regards to Microsoft Security Essential (MSE) software, I seem to get some conflicting answers from my colleagues, some of whom say it's good as it's open source. Where another party says it does not work as good as other paid softwares ... like kaspersky or mcafee.

        Being such, is it advisable to install this MSE in my Call center computers---there is 20 ??
        Any advice guys/ladies?

        Computers must have the recommended anti-virus software installed and activated at all times. Failure to do so poses a high risk of virus infection which can wipe out the hard disk files and corrupt the software. If it is for business, I would suggest that you buy for a license one like Malwarebytes' Anti-Malware full version or SUPERAntiSpyware Professional.

        Quote

        I would suggest that you buy for a license one like Malwarebytes' Anti-Malware full version or SUPERAntiSpyware Professional.

        Great recommendations but these are antimalware, not antivirus, so do not offer as much protection.

        I'm running MSE on my main computer and have not had any issues with it. Also, it's not open source.

        Quote
        Where another party says it does not work as good as other paid softwares ... like kaspersky or mcafee.

        There is a long-standing debate over this. In the end you go with what works best for you. I can however personally say that I have never seen a paid antivirus outperform a free one.
        3644.

        Solve : adware/trojan help?

        Answer»

        This is what I found..Thanks to the housesitter...

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 12/05/2009 at 00:21 AM

        Application Version : 4.31.1000

        Core Rules Database Version : 4338
        Trace Rules Database Version: 2191

        Scan type : Complete Scan
        Total Scan Time : 01:11:28

        Memory items scanned : 714
        Memory threats detected : 0
        Registry items scanned : 6058
        Registry threats detected : 616
        File items scanned : 71263
        File threats detected : 109

        Adware.MyWebSearch

        Adware.Gamevance

        Adware.MyWebSearch/FunWebProducts
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UrlInfoAbout
        C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
        C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
        C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
        C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
        C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
        C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
        C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
        C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
        C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
        C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
        C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
        C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
        C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
        C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
        C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
        C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
        C:\Program Files\MyWebSearch\bar\1.bin
        C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
        C:\Program Files\MyWebSearch\bar\Avatar
        C:\Program Files\MyWebSearch\bar\Cache\000174BD
        C:\Program Files\MyWebSearch\bar\Cache\00017700.bin
        C:\Program Files\MyWebSearch\bar\Cache\00017A4B.bin
        C:\Program Files\MyWebSearch\bar\Cache\00017E33.bin
        C:\Program Files\MyWebSearch\bar\Cache\00018671.bin
        C:\Program Files\MyWebSearch\bar\Cache\00A66375.bin
        C:\Program Files\MyWebSearch\bar\Cache\00A67037.bin
        C:\Program Files\MyWebSearch\bar\Cache\00A67140.bin
        C:\Program Files\MyWebSearch\bar\Cache\00A67315.bin
        C:\Program Files\MyWebSearch\bar\Cache\032CD42A
        C:\Program Files\MyWebSearch\bar\Cache\files.ini
        C:\Program Files\MyWebSearch\bar\Cache
        C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
        C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
        C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
        C:\Program Files\MyWebSearch\bar\Game
        C:\Program Files\MyWebSearch\bar\History\search2
        C:\Program Files\MyWebSearch\bar\History
        C:\Program Files\MyWebSearch\bar\icons\CM.ICO
        C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
        C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
        C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
        C:\Program Files\MyWebSearch\bar\icons\WB.ICO
        C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
        C:\Program Files\MyWebSearch\bar\icons
        C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
        C:\Program Files\MyWebSearch\bar\Message
        C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
        C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
        C:\Program Files\MyWebSearch\bar\Notifier
        C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
        C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
        C:\Program Files\MyWebSearch\bar\Settings
        C:\Program Files\MyWebSearch\bar
        C:\Program Files\MyWebSearch\SrchAstt\1.bin
        C:\Program Files\MyWebSearch\SrchAstt
        C:\Program Files\MyWebSearch
        C:\Program Files\FunWebProducts\ScreenSaver\Images\01751FD6.urr
        C:\Program Files\FunWebProducts\ScreenSaver\Images
        C:\Program Files\FunWebProducts\ScreenSaver
        C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
        C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
        C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
        C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
        C:\Program Files\FunWebProducts\Shared\Cache
        C:\Program Files\FunWebProducts\Shared
        C:\Program Files\FunWebProducts

        Trojan.Unclassified/MSFox
        HKU\S-1-5-21-789336058-1580436667-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run#MSFox [ C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe ]
        HKLM\SOFTWARE\Mozilla\MSFox
        HKLM\SOFTWARE\Mozilla\MSFox#Str4
        HKLM\SOFTWARE\Mozilla\MSFox#Str5
        HKLM\SOFTWARE\Mozilla\MSFox#Str9
        HKLM\SOFTWARE\Mozilla\MSFox#Str6
        HKLM\SOFTWARE\Mozilla\MSFox#Str7
        HKLM\SOFTWARE\Mozilla\MSFox#Str8
        HKLM\SOFTWARE\Mozilla\MSFox#Str1
        HKLM\SOFTWARE\Mozilla\MSFox#Str0
        HKLM\SOFTWARE\Mozilla\MSFox#Int2
        HKLM\SOFTWARE\Mozilla\MSFox#Int3

        Trojan.Agent/Gen

        Adware.Tracking Cookie
        Malwarebytes' Anti-Malware 1.42
        Database version: 3298
        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        12/5/2009 12:54:39 AM
        mbam-log-2009-12-05 (00-54-39).txt

        Scan type: Quick Scan
        Objects scanned: 115141
        Time elapsed: 7 minute(s), 14 second(s)

        The Hijackthis.exe had to be run in safemode--how can I get the results posted? Thank you for ANY help!!

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 38
        Registry Values Infected: 4
        Registry Data Items Infected: 0
        Folders Infected: 3
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{85e0b171-04fa-11d1-b7da-00a0c90348d7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Documents and Settings\Owner\Application Data\FunWebProducts (Adware.MyWebSearch) -> Delete on reboot.
        C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Files Infected:
        (No malicious items detected)


        Re: f3dtactl.dll in quarantine, should I delete it?
        « Reply #4 on: Today at 12:53:08 PM »


        Here's the log file from SafeMode. Thank you again.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 11:32:38 AM, on 12/4/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\iYogi SupportDock\Recovery\CBP\DCSchdler.exe
        C:\Program Files\iYogi SupportDock\Recovery\EFB\efbfs.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\Program Files\iYogi SupportDock\Recovery\EFB\EfbSchedule.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe
        C:\Program Files\iYogi SupportDock\Recovery\Fsloader.exe
        C:\Program Files\iYogi SupportDock\Recovery\VBPTask.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Viewpoint\Common\ViewpointService.exe
        C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Program Files\iYogi SupportDock\Recovery\VerChk.exe
        C:\WINDOWS\ehome\ehtray.exe
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\ALCWZRD.EXE
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\WINDOWS\eHome\ehmsas.exe
        C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
        C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
        C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
        C:\Program Files\iYogi SupportDock\iYogiSupportDock.exe
        C:\Program Files\ClamWin\bin\ClamTray.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
        C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
        R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
        O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
        O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
        O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
        O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
        O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
        O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
        O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
        O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
        O4 - HKLM\..\Run: [iYogiToolbar] C:\Program Files\iYogi SupportDock\iYogiSupportDock.exe
        O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
        O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe
        O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
        O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
        O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\iYogi SupportDock\Optimize\startupmanager.exe"
        O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        O4 - HKUS\S-1-5-21-789336058-1580436667-682003330-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
        O4 - HKUS\S-1-5-21-789336058-1580436667-682003330-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Guest')
        O4 - HKUS\S-1-5-21-789336058-1580436667-682003330-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
        O4 - HKUS\S-1-5-21-789336058-1580436667-682003330-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
        O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
        O4 - Global Startup: HomeNet Manager.lnk = ?
        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
        O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm869MTUS
        O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
        O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
        O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
        O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155318736640
        O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
        O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\iYogi SupportDock\Recovery\CBP\DCSchdlerSRVC.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: Backup File Event Manager (efbfs) - iYogi Technology, Inc. - C:\Program Files\iYogi SupportDock\Recovery\EFB\efbfs.exe
        O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file MISSING)
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
        O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\iYogi SupportDock\Recovery\Fsloader.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
        O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
        O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

        --
        End of file - 15389 bytes
        I ran the programs, which was a great help in finding stuff I didn't even know I had, as suggested and have posted my logs. By my logs, is it safe to assume that my problems are cleared? I appreciate the time and effort you have taken!!

        You are not safe. You have lots to come out. Hold on for help from the experts. harry
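A triage pass over HijackThis lines like the ones posted above, as an added example that is not part of the original thread or of any tool named in it. The rules, function names and wording of the notes are assumptions chosen for illustration; a flagged line is a reason to inspect the entry, not a verdict, since a missing service file can equally be a leftover from an uninstalled program.

```python
import re

# Lines copied verbatim from the HijackThis log in the thread above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe
O4 - Global Startup: HomeNet Manager.lnk = ?
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file MISSING)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

# "O4 - rest of entry": section code, separator, free-form body.
ENTRY_RE = re.compile(r"^\s*(O\d+)\s+-\s+(.+?)\s*$")
# Path component named Temp or Tmp, long or 8.3 form (e.g. LOCALS~1\Temp).
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def review_notes(section, body):
    """Return the reasons (assumed heuristics) an entry deserves a manual look."""
    notes = []
    low = body.lower()  # the scraped log mixes "file missing" and "file MISSING"
    if section == "O4":  # autostart entries
        if TEMP_DIR_RE.search(body):
            notes.append("autostart runs a program from a temp directory")
        if low.endswith("= ?"):
            notes.append("startup shortcut target was not resolved")
    elif section == "O23":  # services
        if "(file missing)" in low:
            notes.append("service is registered but its file is not on disk")
        if " - unknown owner - " in low:
            notes.append("HijackThis reported no owner for the service binary")
    return notes


def triage(log_text):
    """Parse a HijackThis log and return flagged entries, most notes first."""
    flagged = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, blank line, or "End of file" trailer
        section, body = match.groups()
        notes = review_notes(section, body)
        if notes:
            flagged.append({"section": section, "entry": body, "notes": notes})
    # Stable sort keeps log order among entries with the same number of notes.
    return sorted(flagged, key=lambda item: -len(item["notes"]))


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["section"]}  {item["entry"]}')
        for note in item["notes"]:
            print(f"      - {note}")
```
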

        3645.

        Solve : six point star plz help?

        Answer»

        Ok, so I logged onto my computer today, and was working like normally other than it took a minute to load up. Then about 30 seconds later once everything in the taskbar loaded (including a white six point star) the comp froze. Nothing is accessible unless it is already opened before the OS finished loading. Any help would be amazing. .... ok so I figured it out!!!! It is apparently a program that is downloaded from a survey company called Premier Opinion. I don't know why it locked up my computer, but here is what I did. I opened the comp in safe mode. Went to my taskbar manager to see what it might have been. Well it is there and it is labeled Premier Opinion, and it sure enough has that little white star. Either way, while in safe mode, I opened up the control panel, then opened the Programs and Features tab.... Then found it in that, uninstalled it, and restarted the computer.... Amazingly it worked!!! So if you have a Six Point White Star in your Taskbar, this is how you need to fix it..... Thanks for anyone who tried to help!!

        Thanks so much http://www.mywot.com/en/scorecard/premieropinion.com - Malicious content, viruses

        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

        I would also suggest you read and follow all instructions in the pinned topic titled Please read this before requesting malware removal help. There may be other "goodies" hiding that aren't so easy to find.

        3646.

        Solve : computer screen keeps flashing whilst on net?

        Answer»

        Hi totally new to computers so it's all confusing, when I started my laptop it came up on the screen, Arcade deluxe agent .exe not working, and DDRAW.D11 cannot be found, says to uninstall may help have found how to do this but have not tried it yet, screen only flashing whilst on net ie yahoo home page or ebay, is this a virus, have the Norton 360 and says all ok? if I uninstall how do I reinstall if this will fix it? it's an acer laptop
        have just uninstalled Flashplayer and the probs gone, but tried to install again and it came back??? Help

        Do you still need help? If you do, please follow the directions below.

        The first thing I will need you to do is to go to this link and follow the directions precisely. If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. If you can't run any step, just jump to the next one. Please let me know how you are doing or have any questions. Initially, I will need the SuperAntiSpyware, MBAM and HJT logs. Please post any logs that you can generate.

        3647.

        Solve : Search Engine Redirection?

        Answer»

        Hi, I am having a problem with my search engine results being redirected. Sometimes the link will take me to an alternate site; sometimes IE just crashes. My log files are attached. Any help would be much appreciated.

        [Saving space, attachment deleted by admin]

        Blitzkrieg, do you still need help? If you do, please post a new HJT log.

        3648.

        Solve : Trojan.Vundo? Please Help!?

        Answer»

        Here are the logs. By the way, did ComboFix take away 0.2 GB off my hard drive? look at the bottom of the log it says the bytes free it changed :O?

        [Saving space, attachment deleted by admin]

        Quote

        By the way, did ComboFix take away 0.2 GB off my hard drive? look at the bottom of the log it says the bytes free it changed :O?
        robles56, not to worry. We're going to remove it later. Let's run this scan first:

        ESET Online Scan

        Scan your computer with the ESET Free Online Virus Scan

        * Click the ESET Online Scanner button.

        * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
        * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
        * Place a check mark next to YES, I accept the Terms of Use.

        * Click the Start button.
        * Accept any security warnings from your browser.
        * Leave the check mark next to Remove found threats and place a check next to Scan archives.
        * Click the Start button.
        * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
        * When the scan completes, click List of found threats.
        * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
        * Click the <<Back button then click Finish.

        In your next reply please include the ESET Online Scan Log

        I tried what you said but produced no log. It said I had no infections at all. I just left the window minimized and did my homework. When I came back, I saw that the scan was finished. The screen shot of the finished scan is attached. Sorry but no log came out.

        [Saving space, attachment deleted by admin]

        Looks good. How's your computer running now?

        Normal like usual, except that I'm worried about my free space. Sometimes there is 28 GB free and sometimes 32 and I think one time 40 GB free on my C: drive. I never installed anything ever since September but my space still changes. Now I have 31.8 GB of space free. It's creepy. By the way, how do I remove ComboFix?

        Quote
        Normal like usual, except that I'm worried about my free space. Sometimes there is 28 GB free and sometimes 32 and I think one time 40 GB free on my C: drive. I never installed anything ever since September but my space still changes. Now I have 31.8 GB of space free. It's creepy. By the way, how do I remove ComboFix?
        Every time you go on the internet, files get loaded on your computer. Do you do a regular cleanup?

        * Click Start then Run - Vista users press the Windows Key and the R keys for the Run box.
        * Now type Combofix /uninstall in the runbox
        * Make sure there's a space between Combofix and /Uninstall
        * Then hit Enter

        * The above procedure will:
        * Delete the following:
        * ComboFix and its associated files and folders.
        * Reset the clock settings.
        * Hide file extensions, if required.
        * Hide System/Hidden files, if required.
        * Set a new, clean Restore Point.

        Note: The above may not work at the moment because ComboFix has been taken off-line for Maintenance. I'll let you know when it's up and running.

        Clean out your temporary internet files and temp files.

        Download TFC by OldTimer to your desktop.

        Double-click TFC.exe to run it.

        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

        TFC will close all programs when run, so make sure you have saved all your work before you begin.

        * Click the Start button to begin the cleaning process.
        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
        * Please let TFC run uninterrupted until it is finished.

        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

        Use the Secunia Software Inspector to check for out of date software.

        •Click Start Now

        •Check the box next to Enable thorough system inspection.

        •Click Start

        •Allow the scan to finish and scroll down to see if any updates are needed.
        •Update anything listed.
        ----------

        Go to Microsoft Windows Update and get all critical updates.

        ----------

        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

        SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
        * Using SpywareBlaster to protect your computer from Spyware and Malware
        * If you don't know what ActiveX controls are, see here

        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

        Thanks for the help. Thank you superdave so much! You just saved my computer!

        3649.

        Solve : Malware badness?

        Answer»

        My computer has been hit by some malware. I have gone through the steps in your recommendation, except for the MalwareBytes thing. When I install that, it tries to find mbam.exe to start, but there is no such animal. There's an mbamgui.exe, but double-clicking that does nothing, nor does renaming it to mbam.exe or mbam.*. The other things have installed and run, but I can't get a log file out of SAS because the log file won't open. I did get a log file out of HJT, which is attached.
        It seems no matter what I do, I get the stupid "Application cannot be executed. The file is infected. Please activate your antivirus software." message. I also get the little red X on the right of my task bar that occasionally pops up saying I'm infected with spyware. When I do a restart, I get a message that says I'm infected with the NetSky trojan. I'm running XP SP2, using PC-cillin 14 as my anti-everything.
        Help!

        [Saving space, attachment deleted by admin]

        Open SAS, click Preferences, click Logs, click View Log and then copy and paste.

        Rename mbam and run again.

        Thanks for the try, but if you look at my original post, I did both of those things. Renaming MBAM does nothing, no matter how I rename it. Also, the log doesn't open, giving that "Application cannot be executed" message.
        Also, I can't get into system restore or task manager. Anything else?

        Sorry, you may just sit and wait for an expert on malware.

        Hello Swedge and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. Sorry for the delay. Everyone is busy. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        Let's try this:

        Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
        Save Rkill to your desktop.

        There are 4 different versions. If one of them won't run then download and try to run the other one.

        Vista and Win7 users need to right click Rkill and choose Run as Administrator


        You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

        * Rkill.exe
        * Rkill.com
        * Rkill.scr
        * Rkill.pif

        Once you've gotten one of them to run then try to immediately run the following.

        Now download and Run exeHelper

        •Please download exeHelper to your desktop.

        •Double-click on exeHelper.com to run the fix.

        •A black window should pop up, press any key to close once the fix is completed.
        •Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
        Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file)

        3650.

        Solve : Windows Firewall????

        Answer»

        Every time I turn on my computer Windows Firewall says it is turned off. I have tried to reset the settings to what windows has it on and it still won't stay on. What is the solution to this? Thanks.

        Acer Notebook with Windows Vista Home Premium.

        Malware has the nasty habit of turning off the firewall and protective programs. Why don't you go to this link and follow the directions and post the necessary logs. We will analyze them and tell you if your computer is clean or not.

        Quote from: SuperDave on December 10, 2009, 07:57:43 PM

        Malware has the nasty habit of turning off the firewall and protective programs. Why don't you go to this link and follow the directions and post the necessary logs. We will analyze them and tell you if your computer is clean or not.

        That is a good suggestion and thank you for it. Are there any other options for a solution?

        The first thing we need to determine is whether or not the problem is caused by an infection. If it is not, then we can look for other solutions.