4651.

Solve : Computer Running Slow/Infected??

Answer»

Hi,
My computer once again is acting like it has a big problem. I have noticed when I start Windows, and run just about any program anytime, the system is slower. Online browsing is delayed, and often has crashes.
I have tried to resolve this problem by using the standard methods of running:
CCleaner
Symantec Anti-Virus
Ad-Aware
Spybot Search and Destroy
eWido

I have cleaned and quarantined when possible and yet the system shows minimal improvement.
For some reason, one virus in Ad-Aware has been moved to ignore.
Further, Symantec shows the same viruses nightly.

I have listed below the latest results from running HijackThis and Ad-Aware

HiJack This:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:27 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Trent Berger\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Ad-Aware:

Scan Results
Ad-Aware 2007 FREE Edition
Log File Created on: 2007-11-08 10:03:53
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: TRENT-31A63E0D1
Name of user performing scan: SYSTEM
Name of user ordering scan: Trent Berger
Scan completed successfully
•System Information
•File Version Information
•Ad-Aware 2007 Settings
•Extended Ad-Aware 2007 Settings
•Database Information
•Scan Statistics
•Scan Detailed Statistics
•Infections Found
•Listing of running processes

System Information
Number of processors: 1
Processor type: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
Memory Available: 32%
Total Physical Memory: 536195072 Bytes
Available Physical Memory: 167235584 Bytes
Total Page File Size: 1306722304 Bytes
Available On Page File: 732647424 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 2002599936 Bytes
OS: Microsoft Windows XP 5.1 (Build 2600)

File Verion Information
File: Version
CEAPI.dll: 7, 0, 2, 3
aawservice.exe: 7, 0, 2, 3
Ad-Aware2007.exe: 7.0.2.3

Ad-Aware 2007 Settings
Skipping files larger than: 1048576 Bytes
Ignoring infections with lower TAI than: 3
Safe Mode: False

Extended Ad-Aware 2007 Settings
•Unload malicious processes and modules
•Unload Modules
•Let Windows remove files at Start-Up
•Deactivate Ad-Watch
•Re-analyze Scan Result
•Update Definitions on startup
•Delete Restored Items
•Permanent Archive Caching
•Write Protect System Files
•Create Log file
•Include basic settings
•Include advanced settings
•Include user and computer name
•Environment information
•Running processes
•Running processes and modules
•Include info about ignored objects in log file
•Consider definitions File Outdated after x days
•Proxy URL
•Proxy Port

Database Info
Version number: 32
Build Number: 0
Build Date and Time: 2007/11/07 03:48:36

Scan Statistics
Method: Smart
Items Scanned: 106460
Infections Detected: 0
Infections Removed: 0
Infections Quarantined: 0
Infections Ignored: 1

Scan Detailed Statistics
Type: Critical / Total
Process Scan: 0 / 0
Registry Scan: 0 / 0
Registry PE Scan: 0 / 0
Hosts Scan: 0 / 0
File Scan: 0 / 0
Folder Scan: 0 / 0
LSP Scan: 0 / 0
ADS Scan: 0 / 0
Cookie Scan: 0 / 0
File Hash Scan: 0 / 0

Infections Found
Family Id / Name / Category / TAI
Quarantined Objects
Family Id / Name / Category / TAI
Removed Objects
Family Id / Name / Category / TAI


Does anybody know
1) Why my CPU is running slow?
2) What I can do to fix?
3) Why Ad-Aware has ignore and what this means/I should do?
4) Why Symantec shows and what this means/I should do?

Thanks.

I'll take a look at your HJT...

Your HJT log is fairly clean.
A couple of entries you want to "fix":
- O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
- O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
- O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

However those shouldn't affect speed of your computer.

You can start with two things:

1. I've noticed you have a few items which are not needed as startups. You may uncheck them in msconfig:
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
- O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (only needed at startup, if you overclock your card)
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
- O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (if...CTFMon is involved with the language/alternative input services in Office XP)
- O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
- O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Disabling those startups should give your computer some new life.

2. I've also noticed that you have quite a few services running. Some of them may be unnecessary.
Go Start>Run, type in:
services.msc
and compare your list with BlackViper list:
http://www.blackviper.com/WinXP/servicecfg.htm
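
An added example, not part of the original thread: a small Python triage script for HijackThis logs in the v1.99.1 format posted above. It groups entries whose target is reported as "(no file)" or "(file missing)" by CLSID, which shows that the three lines flagged in the reply all belong to one leftover component, and it lists the O4 startup entries for review. The sample lines are excerpted from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Excerpt of the HijackThis v1.99.1 log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""


class Entry(NamedTuple):
    code: str  # section code such as R3, O4, O23
    text: str  # everything after "CODE - "


# "R3 - ...", "O23 - ..."; process paths such as "C:\..." do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks a registry entry whose target is gone with one of these.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# O4 registry autorun: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
# O4 startup-folder shortcut: Global Startup: Name.lnk = target
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")


def parse_log(text):
    """Return the numbered R*/O* entries, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def orphans_by_clsid(entries):
    """Group entries with a missing target by CLSID: {clsid: [codes]}."""
    groups = defaultdict(list)
    for e in entries:
        if ORPHAN_RE.search(e.text):
            m = CLSID_RE.search(e.text)
            key = m.group(0).upper() if m else "(no CLSID)"
            groups[key].append(e.code)
    return dict(groups)


def autoruns(entries):
    """Return (location, name, command) for every O4 startup entry."""
    found = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.text) or STARTUP_RE.match(e.text)
        if m:
            found.append(m.groups())
    return found


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries with a missing target, grouped by CLSID (review candidates):")
    for clsid, codes in orphans_by_clsid(parsed).items():
        print(f"  {clsid}: {', '.join(codes)}")
    print("Startup entries (O4) to compare against what is actually needed:")
    for location, name, command in autoruns(parsed):
        print(f"  {location:<16} {name:<32} {command}")
```

The output is a review list only: a missing target means the registry entry is stale, and whether a startup item is needed is still the judgment call the reply makes entry by entry.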

4652.

Solve : ADW_MARKETSCO.D?

Answer»

I have had this on my computer for a couple of months and can't get rid of it. It is quarantined through Trendmicro with access denied, but every time I scan or use the Internet it pops up.

You posted in a wrong section, so repost at "Computer Viruses and Spyware" forum, but before you do so, download HijackThis: http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html
and post its log along with your message at the above forum.

4653.

Solve : I Need help with something easy...Grey Box in on desktop?

Answer»

I need help with a small problem... I have a random grey box that takes up the center of the desktop...I don't know how to fix this but it covers up the center of the wallpaper and it won't go away...any help would be great...

Can you post a screenshot?

How to take a screen shot.

* Open up your Web Browser.
* Or from the desktop. (for desktop screenshots)
* Look on your keyboard and there should be a button (usually in the top right corner) that reads PrtSc, press that button.

** Please Note: If you can't find the button, here is a picture of a basic keyboard, and look at the key with the red squares around it. Click Here (Click on the Blue link) to view the Picture. **

* Once the PrtSc button is pressed, Open up Microsoft Paint.

1. Click Start
2. Click Run
3. Type in MSpaint
4. Press Ok.

* Once Paint is open, On the Menu bar click on Edit
* Then Paste.
* Save the file to your computer as a Jpeg image (Mainly so the size is not so big)

On the menu bar click File
Click Save as..
Next to Save as type click the drop arrow, and choose Jpeg
Then click Save.

4654.

Solve : New at this, have virus I think?

Answer»

Computer keeps shutting down. Can be on a program & it keeps turning off & restarting by itself. Tried system suite 6 & it just shut off, did no good. What are your suggestions?

What is "system suite 6"?
What kind of protection do you have?
What firewall, what antivirus?
What Windows version?
Computer specs, please.

Quote
What is "system suite 6"?

Take a look at their website:

http://www.v-com.com/product/SystemSuite_Home.html

I've never heard of this program before.

Assuming you are using Windows XP or Vista, I will recommend you do system restore. If you can boot into Windows and use computer before shut down/restart problem happens, then do system restore in Windows.

Otherwise, go into safe mode and do system restore there.

If system restore fixes problem, then you are set. If system restore is useless, then you got a problem.

For antivirus, I recommend you use avast or avg if you want a free program that does just basic antivirus detection and updates. Or you can get yourself a paid subscription service like norton or kaspersky or something trendmicro.

Quote from: Broni on November 06, 2007, 04:42:52 PM
What is "system suite 6"?
What kind of protection do you have?
What firewall, what antivirus?
What Windows version?
Computer specs, please.

System Suite 6 is supposed to be an anti virus, PC recovery, spyware removal & maintenance program from Walmart. It has norton (last yrs. version), don't know what kind of firewall, but it does have one. Windows XP. Won't stay open enough to get much information for you, but I appreciate your time in helping me.

Quote
Won't stay open enough to get much information for you

I'm sorry to hear that.
Will your computer stay up in Safe Mode (restart, and keep tapping F8 key)?

4655.

Solve : kernel change?

Answer»


Dell Dimension 4600; 2.8 cpu, 2.5 gb ram, 80 gb drive, windows xp home version 2002-service pack 2
avg 7.5, avg anti-rootkit, spybot-search&destroy, lavasoft-ad-aware 2007, comodo firewall pro, comodo boclean, clamwin antivirus, ccleaner

when i run a avg scan i get this message at the top of the page;

under file- kernel32.dill; under result/infection- change; under path- c:\windows\system.32\kernel32.dill

and yet, avg said no threats found. avg is a free program and has no support help. i have tried to find out through avg forums just what is meant by; " kernet32.dill change c:\windows\system.32\kernel32.dill" but no luck. i am not having any problems that i know of. i have run/ran all of the above programs and all seems to be ok. but if anybody can tell me what the message means i sure would be thankful.

tazpaige

If all other AV programs detect nothing, then it is most likely a false positive.

Don't worry, AVG is simply notifying you of a change in the file. This is normal. I get the same thing when I scan too.

I disagree...
AVG Free has TONS of support including the Forums...your issue is mentioned there quite frequently. It is a harmless system change and happens every time you scan.
How much time did you spend at the Forums ? ?

4656.

Solve : Best of the Best of the Best.....lol?

Answer»

I am looking for the best FREE antivirus program i can get....i just got my computer running again (thanks to This site...Broni Mainly) and i need protection....any recommendations would be greatly appreciated.
thanks in advance
-Mike

AVG:
http://free.grisoft.com/

The "best" is merely an opinion. You should try out a few programs and see which one you prefer. However, I agree that AVG is one of the best available.

I recommend: Avast!
Has never let me down.
http://www.avast.com/

Chris

AVG is the best,

Personally, I too prefer AVG.
I've used Avast, Antivir and AVG, and can definitely say that AVG takes less resources, I find it easier to use, and it seems to also provide better protection.
You should definitely test them out before making a decision though.

4657.

Solve : Security toolbar 7.0 pop up, malware pop ups and online security center?

Answer»

I have windows xp,
zone alarm firewall
Spybot search and destroy
AVGfree antivirus
Spycatcher
Spyblaster

AVG Anti-spyware 7.5

Hijackthis
Rogueremover

and something called spynomore

I've run everything and still I am getting pop ups like my computer is infected, please download these great programs.. I say no all the time but continue to get pop ups

it has slowed my computer down tremendously

Here is the Hijack file

Logfile of HijackThis v1.99.1
Scan saved at 8:00:45 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Raynelle\LOCALS~1\Temp\20071159532_mcinfo.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel Paint Shop Pro Photo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Download Direct\DLD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Raynelle\LOCALS~1\Temp\Rar$EX01.192\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jpizpxhc.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [a8a5bd45] rundll32.exe "C:\WINDOWS\system32\triawdss.dll",b
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Raynelle\LOCALS~1\Temp\20071159532_mcinfo.exe /insfin
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: secuload.dll,wbsys.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe




I'll take a look..

Download VundoFix:
http://www.atribune.org/content/view/24/2/

* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post new HJT log.

I did the vundofix and also did superantispyware.. and got rid of all the other spyware things except for Spybot S&D.

now the only thing that shows up is the icons on the desktop that say Online security guide and live safety

here is the HJT file


Logfile of HijackThis v1.99.1
Scan saved at 11:19:39 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Raynelle\LOCALS~1\Temp\20071159532_mcinfo.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\analyzeThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9B5DD2A2-F390-4C04-853D-6678B55DCADC} - C:\WINDOWS\system32\vtsrs.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a8a5bd45] rundll32.exe "C:\WINDOWS\system32\triawdss.dll",b
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Raynelle\LOCALS~1\Temp\20071159532_mcinfo.exe /insfin
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: urqnljh - urqnljh.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Good...
Let me see...In your previous log, you had this:
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jpizpxhc.dll
which was causing your pop-ups. It's gone.
Now, we have to do some HJT cleanup...

...

1. Print this post out, since you won't have access to it at some point.

2. Download, and install Spybot (if you don't have it) from here: http://www.safer-networking.org/en/download/index.html

3. Close all windows, except for HJT.

4. Put a checkmark next to the following HJT entries:

- O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)

- O2 - BHO: (no name) - {9B5DD2A2-F390-4C04-853D-6678B55DCADC} - C:\WINDOWS\system32\vtsrs.dll (file missing)

- O4 - HKLM\..\Run: [a8a5bd45] rundll32.exe "C:\WINDOWS\system32\triawdss.dll",b

- O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Raynelle\LOCALS~1\Temp\20071159532_mcinfo.exe /insfin

- O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"

- O20 - Winlogon Notify: urqnljh - urqnljh.dll (file missing)

5. Click on the "Fix It" button.

6. Restart your computer in Safe Mode (F8)

7. Run Spybot (click on updates, first), and fix WHATEVER it asks you to fix.

8. Open Windows Explorer. Go Tools>Folder Options, put a checkmark next to "Show hidden files, and folders".

9. Delete the following files (if they still exist):

- SpyCatcher folder from C:\Program Files\

10. Turn off System Restore.

11. Restart in Normal Mode.

12. Turn System Restore on.

13. Run HJT again, and post its log back here.

Logfile of HijackThis v1.99.1
Scan saved at 12:17:15 AM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\analyzeThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

I have a question on the one in red.. Do I need to delete this also?

Congratulations
Your HJT log is perfectly clean

...and
NO, to answer your question.
MSOXMLMF.DLL is a legit M$ Office file:
http://support.microsoft.com/dllhelp/?dlltype=file&l=55&alpha=MSOXMLMF.DLL&S=1&x=16&y=9

How are your computer issues, now?

They are nonexistent lol.. Thanks for the help!!!

I'm glad to hear it
You're welcome.
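A triage sketch for the kind of HijackThis log reviewed in this thread, added here as an example and not part of the original posts or of HijackThis itself. The three heuristics (missing target file, autorun through rundll32, autorun from a Temp directory) and all function names are assumptions chosen for illustration; the sample lines are copied from the first log above.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {9B5DD2A2-F390-4C04-853D-6678B55DCADC} - C:\WINDOWS\system32\vtsrs.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a8a5bd45] rundll32.exe "C:\WINDOWS\system32\triawdss.dll",b
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Raynelle\LOCALS~1\Temp\20071159532_mcinfo.exe /insfin
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O20 - Winlogon Notify: urqnljh - urqnljh.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
"""

# Entry lines start with a section code such as R1, O2, O4, O20 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$")


@dataclass
class Entry:
    code: str
    body: str
    reasons: list = field(default_factory=list)


def parse_log(text):
    """Return one Entry per section line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def launcher(cmd):
    """Lower-cased file name of the program an autorun command line starts."""
    cmd = cmd.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def triage(entries):
    """Attach review reasons (assumed heuristics) and return the flagged entries."""
    for e in entries:
        if e.body.rstrip().endswith("(file missing)"):
            e.reasons.append("target file missing")
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if m:
            if launcher(m["cmd"]) in ("rundll32", "rundll32.exe"):
                e.reasons.append("autorun loads a DLL through rundll32")
            if "\\temp\\" in m["cmd"].lower():
                e.reasons.append("autorun target is in a Temp directory")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for entry in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.code}: {entry.body}\n    -> {', '.join(entry.reasons)}")
```

These heuristics flag five of the six entries selected in step 4; the `winshow` autorun is not caught, so a flagged list like this is a starting point for review, not a replacement for reading the whole log.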
4658.

Solve : AVG Anti-Virus keeps saying kernel32.dll has "changed" on each XP start-up.?

Answer» Hi folks, I have AVG anti-virus (http://free.grisoft.com/) and when it does its daily scheduled scan (which is normally when I turn the PC on for the first time that day) it always says that kernel32.dll has "changed". It doesn't say it's infected or damaged or anything, just that it's changed. Is this an issue?

Thanks in advance for your help, my system specs are:

asus a8n-e
athlon64 3500+ venice
1gb ram
geforce 7800gt oc
windows xp home

Nevermind, apparently it's ok.

That's normal with AVG. Probably an update either from MS or AVG itself.

Antivirus doesn't know the difference between good and bad changes so sometimes you get things like that. It is just doing what it is supposed to and alerting you to a change.

Hope this helps.

It will do this EVERY time it scans...it's normal and not an issue.
4659.

Solve : Vundo Problem?

Answer»

I just downloaded it from the very same source, and it worked. It took some 30 sec with "Combofix is preparing to run" screen, before the disclaimer window opened.

Ok so I deleted my prior version and downloaded it again. When I click run on Combofix the same thing happens. I get a "C:\ . " command prompt box. I did get a short flash of the C:\ box being paused. No disclaimer shows, not even after 5 minutes.

If I go into the C:\Combofix file, there's 3 applications - nircmd, ntp, NTPBack and a bunch of CFEXE files, DAT files, Batch files and VBScript files. Am I supposed to copy and paste scripts in?

Could you be more explicit with instructions?

Delete
C:\Combofix
Also look for and delete C:\qoovox (may not be there)
And delete any desktop shortcuts.

Restart the computer.

Then download a Fresh Version and try again.

Thank you evilfantasy

but still no go. I turned off the internet and McAfee. I'm throwing in the towel. Not sure what is preventing combofix from doing its job but at least I have uninterrupted internet access again!

Good luck to everyone else.

You should run an Online Scan to be sure. It is odd that Combofix will not run.

Use the ESET Nod32 Online Scanner.
Requires Internet Explorer

Click YES, I accept the Terms of Use. Then Start.

The scan report is saved by default in C:\Program Files\EsetOnlineScanner\log.txt

Add the EsetOnlineScanner\log.txt in your next post.

Yes I thought it was strange that Combofix didn't work either...But whenever I've seen it used on other posts, someone is instructing a person to create a text file and drag it into Combofix.

Here's the results of the ESET Online Scanner:

Win32/Adware.WBug.A application
C:\Program Files\Install_AIM.exe >> Wise >> WxBug.EXE >> WISE >> MiniBugTransporter.dll

Win32/Adware.WBug.A application
C:\Program Files\Install_AIM.exe >> Wise >> WxBug.EXE

Win32/Adware.WBug.A application
C:\Program Files\Install_AIM.exe

Win32/Adware.SecToolbar application
C:\Documents and Settings\Mik\Favorites\Online Security Guide.lnk

Win32/Adware.SecToolbar application
C:\Documents and Settings\Mik\Desktop\Online Security Guide.lnk

Win32/Adware.SecToolbar application
C:\Documents and Settings\Mik\Desktop\Live Safety Center.lnk

Win32/Adware.SecToolbar application
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk

Win32/Adware.SecToolbar application
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk

Win32/Adware.SecToolbar application
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk

Win32/Adware.SecToolbar application
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk

Win32/Adware.SecToolbar application
C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk

I think what happened is that I thought these 2 desktop icons were a part of Windows Defender, but they're actually part of the virus. Let me try to delete these links and see if they disappear for good.




Quote

Yes I thought it was strange that Combofix didn't work either...But whenever I've seen it used on other posts, someone is instructing a person to create a text file and drag it into Combofix.

That is part of combofix, but not the part we needed.

Let's do this please

How To Create An Uninstall List

1. Start HijackThis
2. Click on the Misc Tools button
3. Click on the Open Uninstall Manager button.
4. Click on the Save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
5. Save it to your desktop.
6. Add the uninstall_list.txt in the next post.

Ok I was able to delete everything manually from that online scan. Here's the results from Hijack This. Everything looks benign to me.

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
ArcSoft Software Suite
Audible Download Manager
Broadcom Management Programs
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (766)
DivX Web Player
EPSON Copy Utility
EPSON EIC CX5400
EPSON Photo Print
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESET Online Scanner
GTA2
HijackThis 1.99.1
Image Resizer Powertoy for Windows XP
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Internet Explorer Q903235
iPod for Windows 2006-01-10
iPod mini 1.0 for Windows User Guide
iPod mini Software Updater 1.0
iPod Updater 2004-11-15
iTunes
Jasc Paint Shop Photo Album
Java 2 Runtime Environment, SE v1.4.2
Logitech Camera Driver
Logitech QuickCam Software
MathPlayer
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office XP Small Business
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Windows Journal Viewer
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (2.0.0.9)
MSN
MSN Encarta Plus Support Files
MSNFans Live Winks 1.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
QuickTime
Registry Mechanic 5.2
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Shockwave
Skype 2.5
Sonic DLA
Spybot - Search & Destroy 1.4
Spyware Doctor 3.8
Symantec Technical Support Web Controls
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Verizon Online Control Pad
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Backup Utility
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Office 11
Workrave 1.8.3

You didn't post HJT log itself.

Viewpoint products are known to cause problems.

1) Press ctrl-alt-delete (all at once) to open Task Manager.
2) Click on the Processes tab and search for VIEWMGR.EXE, if it's found, click on it and then click End Task to close it
3) Click on Start, Control Panel, Add/Remove Programs
4) Uninstall all of the following programs associated with Viewpoint

Viewpoint Manager (Remove Only)
Viewpoint Media Player

5) Close the Add/Remove Programs and Control Panel
6) Restart your computer

==

Then post a fresh HijackThis log

Tell us how things are now.

Also, you have

Symantec Technical Support Web Controls

Uninstall this also. I would then recommend running the Norton Removal Tool to ensure all Symantec products are gone.

It never hurts to be thorough

Logfile of HijackThis v1.99.1
Scan saved at 7:52:09 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Mik\Desktop\AntiVirus Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Thanks again

The log does not show any malware.

Are you still having any problems?

Go to Add/Remove Programs and uninstall:

Java 2 Runtime Environment, SE v1.4.2

Reboot the computer and then navigate to www.java.com and download the latest version of Java JRE 6 update 3.

Outdated versions of Java are entry points for malware.

Let us know how things are now.

I checked the McAfee detection log, and I haven't had a vundo notice since I uninstalled the icons that were left on my desktop/favorites. False alarm, but maybe good to know that Vundofix and Vundobegone do not remove the desktop icons.

I'm glad you mentioned the Java. I saw that on other sites. I'll fix it.

The last part that was puzzling me was this error message that I get when I go from normal to safe mode:

"An access error was returned while attempting to change a service. You may need to log in using an administrator account to make the specified changes."

The puzzling part is that I'm always in the admin account (although after this I'm going to start using a guest account w/out admin privileges). I have XP... some sites say it's an XP bug, and others say I need to reinstall Windows. It seems like it's just a notification, and I can still switch from normal to safe mode effectively. I'm just worried b/c on Wikipedia, Vundo is said to modify winlogon.....

If you consider it a risk, let me know. Otherwise I'll close out this log w/ a clean computer. THANKS!!!!!!

Quote
An access error was returned while attempting to change a service

Mine does the same thing when going to safe mode from msconfig. No worries.

Check out this article from Tony Klein for continued safety:

So how did I get infected in the first place?

Safe surfing!
4660.

Solve : How To run a log?

Answer»

I know I've done it before a long time ago, but I can't remember how. Can someone tell me how to run a log on my computer? Thanks.

I know that you're asking about HJT log.
Run HJT. After it's done, you'll have an option to save log file:

Click on "Save log", and save it to a known location. Right after that, Notepad window will open with your HJT log in there.
Simply, go Edit>Select All, right click anywhere within the text, and click Copy.

Now, go to your other thread:
How to stop random internet sites from popping up
and Paste your log there.
If it's long, you may need to split it between two postings.

Yes, that is the log. I just forgot what it was called. I will post it on my other message in just a minute. Thanks for all your help!

You're welcome

4661.

Solve : Virtumonde win32 sneaky ****?

Answer»

Ok, I've been battling this virus for a couple weeks now.

It doesn't seem to be producing pop ups of any sort, and it doesn't seem to be leeching any resources, however it keeps coming back and installing dll files!
I've run hijackthis nod32 vundofix in safe mode numerous times, but I haven't stopped it from coming back, every 2 reboots or so my nod32 pops up saying the dll's have returned... Obviously there is something I need to remove manually that I'm missing every time so I've come here for some advice. Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:48, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [vmc] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\vmc.dll
O4 - HKLM\..\RunOnce: [Falcon] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Falcon.dll
O4 - HKLM\..\RunOnce: [mswm] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\mswm.dll
O4 - HKLM\..\RunOnce: [NetMD] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\NetMD.dll
O4 - HKLM\..\RunOnce: [SPTISRVps] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SPTISR~1.DLL
O4 - HKLM\..\RunOnce: [OMG LP 4.7-07-14-05-01] C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /n /o
O4 - HKLM\..\RunOnce: [AppReg] C:\PROGRA~1\Sony\SONICS~1\AppReg.exe
O4 - HKLM\..\RunOnce: [AudioNorm.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\AUDION~1.DLL
O4 - HKLM\..\RunOnce: [Metallic.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Metallic.dll
O4 - HKLM\..\RunOnce: [OmgApDeliveryManagerComp.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OMGAPD~1.DLL
O4 - HKLM\..\RunOnce: [OmgApPlaybackComp.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OMGAPP~1.DLL
O4 - HKLM\..\RunOnce: [OpcArs.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OpcArs.dll
O4 - HKLM\..\RunOnce: [OpcCDAPlay.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OPCCDA~1.DLL
O4 - HKLM\..\RunOnce: [OpcWAV2.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OpcWAV2.dll
O4 - HKLM\..\RunOnce: [OpcWMA.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OpcWMA.dll
O4 - HKLM\..\RunOnce: [OpdClie.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OpdClie.dll
O4 - HKLM\..\RunOnce: [SonyMixerControl.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SONYMI~1.DLL
O4 - HKLM\..\RunOnce: [SonyWavWriter.ax] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SONYWA~1.AX
O4 - HKLM\..\RunOnce: [SsAppDbMan.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SSAPPD~1.DLL
O4 - HKLM\..\RunOnce: [SsDbConnection.exe] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SSDBCO~1.EXE
O4 - HKLM\..\RunOnce: [SsDbMan.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SsDbMan.dll
O4 - HKLM\..\RunOnce: [SSScsiSVps.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SSSCSI~1.DLL
O4 - HKLM\..\RunOnce: [SsBeServicePS.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SSBESE~1.DLL
O4 - HKLM\..\RunOnce: [CDDBUISony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBUI~1.DLL
O4 - HKLM\..\RunOnce: [CDDBControlSony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBCO~1.DLL
O4 - HKLM\..\RunOnce: [CddbLinkSony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBLI~1.DLL
O4 - HKLM\..\RunOnce: [CddbMusicIDSony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBMU~1.DLL
O4 - HKLM\..\RunOnce: [CddbPlaylist2Sony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBPL~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1177238915-527237240-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-527237240-682003330-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195867402468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9286 bytes

Download Trojan.Vundo Removal Tool from here:
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99
Print, and follow instructions listed there, and after that post your new HJT log.

Thanks for the quick reply, I've just used vundofix, and apparently a full scan hasn't detected any viruses.

Here is my "new" hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:45, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://194.80.38.243:3128/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1177238915-527237240-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-527237240-682003330-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195867402468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5990 bytes
So, I woke up this morning, booted up the puter and I got the same warning message saying virtumonde dll files detected...

I am starting to suspect this is a new version of virtumonde, because all of the tools I try can't seem to remove this infection!
NOD32 however isn't giving me the option of sending the dll files to their headquarters for analysis.

Any ideas anyone?

Your HJT log is totally clean.
I suspect false positive.
Do two things.
1. When Nod32 pops-up, write down names of those suspicious ".dll" files, and post them back here. Search your computer, and see, if they exist, and if so, in what location.
2. Go here: http://www.eset.com/onlinescan/index.php for free on-line scan.
Quote

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Attach the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

It's definitely not a false positive.

I have downloaded s&d and adaware from lavasoft and they have both flagged multiple copies of randomly named dll's all existing in the system32 path.

The program that is downloading virtumonde after my "successful" removal is the win32.conhook.trojan.

I successfully removed both of these with both s&d and adaware, after this I went to the pandasoftware website to make sure I got rid of all traces of these two, but while the scan was taking place nod32 popped up again to tell me 4 new copies of the dll's had been created in the same system32 folder.

Here are some of the files that were flagged:
C:\WINDOWS\system32\awtqnkh.dll
C:\WINDOWS\system32\awtuvuv.dll
C:\WINDOWS\system32\jkkkhgd.dll
C:\WINDOWS\system32\khffcbx.dll
C:\WINDOWS\system32\mljgfdd.dll
C:\WINDOWS\system32\silkyeqk.exe
C:\WINDOWS\system32\tzlfe.exe
C:\WINDOWS\system32\wvusrqo.dll
C:\WINDOWS\system32\wvuvvwx.dll

This virus is driving me crazy!!!

1. Download VirtumundoBegone: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

2. Now reboot into Safe Mode.

1. This can be done tapping the F8 key as soon as you start your computer

2. You will be brought to a menu where you can choose to boot into safe mode.

3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.

4. When your computer reaches the desktop make sure you log in as the same user which you had performed the previous steps.

3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.

4. Exit when it has finished, and reboot back to normal mode.


Awesome! That process worked a treat, thank you VERY MUCH!!

:D:D:D

I'm glad, it did
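An added example, not part of the original thread and not code from HijackThis: the helper in this thread asked for a "new" HJT log after cleaning, and the sketch below compares two such logs and lists what changed between the scans. The sample logs are abridged from the two logs posted above; `parse_hjt`, `diff_logs` and `review_hints` are hypothetical helper names, and the hints are prompts for manual review, not verdicts.

```python
import re

# Abridged from the two HijackThis logs posted in the thread above (04/12/2007).
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:48, on 04/12/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunOnce: [AppReg] C:\PROGRA~1\Sony\SONICS~1\AppReg.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:45, on 04/12/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://194.80.38.243:3128/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# HijackThis entry lines look like "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (processes, entries): a set of lower-cased process paths and
    a list of (code, detail) tuples in the order they appear in the log."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return processes, entries


def diff_logs(old_text, new_text):
    """List entries and processes that appeared or disappeared between scans."""
    old_procs, old_entries = parse_hjt(old_text)
    new_procs, new_entries = parse_hjt(new_text)
    old_set, new_set = set(old_entries), set(new_entries)
    return {
        "added_entries": [e for e in new_entries if e not in old_set],
        "removed_entries": [e for e in old_entries if e not in new_set],
        "added_processes": sorted(new_procs - old_procs),
        "removed_processes": sorted(old_procs - new_procs),
    }


def review_hints(entries):
    """Tag entries a reviewer usually checks by hand (prompts, not verdicts)."""
    hints = []
    for code, detail in entries:
        low = detail.lower()
        if code.startswith("R") and ("autoconfigurl" in low or "proxyserver" in low):
            hints.append((code, "browser proxy setting: confirm it is intended", detail))
        elif code == "O2" and low.endswith("(no file)"):
            hints.append((code, "BHO registered but its file is missing", detail))
        elif code == "O23" and "unknown owner" in low:
            hints.append((code, "service binary has no company name", detail))
    return hints


if __name__ == "__main__":
    changes = diff_logs(OLD_LOG, NEW_LOG)
    for kind, items in changes.items():
        for item in items:
            print(kind, "->", item)
    for code, reason, detail in review_hints(changes["added_entries"]):
        print("REVIEW", code, reason, "|", detail)
```
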
4662.

Solve : The virus won't delete!!?

Answer»

I have 2 infected files that I can try to delete. The first will delete, but as soon as the second one is deleted, they come back!! What do I do?

It doesn't matter what order I delete them in. HELP!!

Download hijackthis, run it, save the log, and copy and paste it here, the download will follow after this message.

http://www.majorgeeks.com/downloadget.php?id=5554&file=10&evp=4122712c2af084c815e5fd4f2b249d83

Tony

the last thing I want to do is download something else without knowing exactly what it is

Hi Zippy, HijackThis is safe for you to download. It will provide us with useful information that will help in diagnosing and correcting your problem.

I've attached a sample log file to show you what the program will create.

[Saving space - attachment deleted by admin]

Quote from: ZippyDee on December 02, 2007, 07:48:41 PM

the last thing I want to do is download something else without knowing exactly what it is
Yes hijackthis contains trojans, worms, and a whole lot of adware.

www.google.com - all you had to do was ask google, and not make yourself out to be a complete twat by saying that.

Quote from: TonyRichens on December 02, 2007, 09:10:46 PM
Yes hijackthis contains trojans, worms, and a whole lot of adware.

www.google.com - all you had to do was ask google, and not make yourself out to be a complete twat by saying that.

That's a little inappropriate and uncalled for. Please refrain from saying such things in the future. We're here to help people, not make them feel bad about what they know or don't know about computers.

Tony...c'mon...quaxo is right. PM him, if you don't like him. Not here, in the open.
4663.

Solve : can someone check this hijack this log plz??

Answer»

I'm having some trouble with IE: wondering if it's a virus etc. Hope you can help me! So: here's my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 21:19:26, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Wintab32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Acecad\Wtxpload.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Acecad\xpoint32.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Adobe\ACROBAT 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\MDM.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196716163250
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

thanks in advance!
Please read post 1 and 2 in this thread and supply the other two logs along with a new HijackThis log. Also use the link in the post to download the new version of HijackThis.

Thanks.

Your HJT log is clean, except for one non-issue entry:
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
which you may want to "fix", but follow evilfantasy's advice, just to be sure everything is OK.

What kind of IE problems are you having?

well, I can't delete temp internet files from the tools> internet options because it generally just freezes up and then internet explorer says error, then dr watson post mortem says error(sometimes)
I've had to resort to placing a temp internet files shortcut on my desktop and deleting them from there!
In addition I can't access ebay pages etc as the same problem occurs.

so i'll give you a run through:

tools>internet options>delete temporary internet files
*freezes up*

Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.

error signature

AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: wininet.dll
ModVer: 6.0.2900.3199 Offset: 0001b800

the following files will be included in this error report:
C:\DOCUME~1\*myname*\LOCALS~1\Temp\6081_appcompat.txt
---------------------------------------------------------------
however, when I searched, there isn't actually a file with this name......
If you think it is malware related then use the link I supplied and run the scans to post the logs.

Your non-ability to delete temp files, and your error may be connected.
Read here:
http://support.microsoft.com/kb/160158
It concerns IE 5.0, and below, but may be worth to try.

Follow evilfantasy's advice, as well, to make sure, your computer is clean.

scanning as i am typing!
also, thanks but the thing is it says something about ms dos when pointing at programs.
I don't think it's meant for xp

actually now i'm thinking that it's a corrupt file as none of the scans showed any threats.
Thanks for the help anyway

Go to Start > Run, type sfc /scannow

Quote

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

You may need the Windows disk to complete the process.

http://www.updatexp.com/scannow-sfc.html

tried it- looked good for a few mins but the error came up again...

Have you tried re-installing IE6 or upgrading to IE7?
Do you have any of the .NET frameworks installed?
They will be listed in Add/Remove.

Did you try to delete IE temp files through Windows Explorer:
C:\Documents and Settings\username\Local Settings\Temporary Internet Files

Sorry for my link. It was actually intended for Win 95
4664.

Solve : How do I configure AVG to just scan my C drive only??

Answer»

I know I can do "Scan Selected Drives" for a manual scan but for the automatic scans I've been trying to figure out how to set it to just scan my C drive only and then I would scan all the drives once a month.

The free version is limited on the scheduled scan settings.

I am not sure if you can or not but open AVG and select Test Center. Then from the Toolbar select Tests > System Areas Test Settings. Again I don't know if it will be there or not but worth a look.

I checked pretty thoroughly, and I can't find any setting allowing it.

This option is not available in the Free Edition...

Okay thanks everyone. I can stop looking for options now! You can however edit the scheduler so it runs at 4 AM when you're sleeping...

4665.

Solve : Virus "See who Blocked or Deleted you on MSN?

Answer»

HI there

My operating system is Windows XP pro

I received an email that said it was sent by a friend called See Who Blocked or deleted you on MSN. When I spoke to the friend she said that in fact it was a virus that sent the same email to her whole address book in her name. I did open it as I thought it was from her and I trust her.

I just got a new harddrive and have lots of work related stuff, irreplaceable pics that I haven't had a chance to back up and lots of music. I completely deleted MSN from my system, ran Spybot, Spyware and ad aware on my system as well as Trend PC-lian (sp?) It says my system is clean but my friends say that they are showing me as signing in and out of messenger. I really can't afford to erase and reformat my drive. Can you suggest anything else to get rid of this worm/trojan virus?

Thanks

We will need to see the requested logs from this post to see what may be on the PC.

Even though you have already run scans we have to see logs or there is no way of telling for sure.

We have done everything recommended and still appear to have the issue. Can someone please look at this logfile and advise us what to do next.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:39 AM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\A!K Research Labs\NotesHolder\NotesHolder.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Program Files\T-Clock\lang\tclock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gmail.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.gmail.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: NotesHolder.lnk = C:\Program Files\A!K Research Labs\NotesHolder\NotesHolder.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Spyware Terminator.lnk = ?
O4 - Startup: Starter.lnk = ?
O4 - Startup: tclock.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1816/SkillGround.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152071461091
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8812 bytes
Quote

We have done everything recommended and still appear to have the issue. Can someone please look at this logfile and advise us what to do next.

No that is only one step. There are three logs that are requested to be added as attachments.

I tried to add them as attachments, they wouldn't post because they are in notebook format....

Then they just need to be changed to Text (.TXT) format.

Go to Start > Run > type Notepad.exe and press Enter

Copy them from wherever you have them and paste to notepad and save the notepad file to the desktop.

Then you can add them as attachments.
4666.

Solve : Cannot open files directly.....?

Answer»

Hi I am running on Win XP with AVG Antispyware and Windows Defender protecting....

Today, I have encountered a problem like..... I can't open executable files with a double click....it is showing as "choose the programme u want to use to open this file..... even for Internet Explorer.....

How can i solve this problem?

I have also scanned the system with Avg and defender, but to find nothing.....

Try #12 from here:
http://www.kellys-korner-xp.com/xp_tweaks.htm

Thank Broni.... its working....
U r gem of a guy................COOL

4667.

Solve : Is this a virus or trojan??

Answer»

I noticed a few days ago that my Norton's Antivirus icon had disappeared from the notification area of the task bar. I tried restarting it from the Start menu but it wouldn't run.

I reinstalled it but I noticed that all exe files were being deleted as soon as they were written to the hard drive. I tried AVG Antivirus too and as I was installing it I watched the folder that I was installing it to, lo and behold, the exe files got deleted as soon as the installation finished as if by magic....they just disappeared!

I cannot install any Antivirus software at all. Exe files related to any antivirus software simply disappear from their folders!

I have tried various online virus scanners and they say I'm clean. Ad-aware says I'm clean.

Is this a virus, trojan, or something else? If it is something nasty has anyone come across this before and what can I do to fix it?

Reboot into safe mode and run the antivirus scan.

Thanks for your reply. I'll give it a try tomorrow and post the results....if any

I can't seem to start my PC in safe mode. I can get to the option screen but I get a BoD.

Still can't install any antivirus at all.

I guess this is going to end up with me reformatting the C Drive

The problem may be more than just malware alone.

Have you tried doing a repair install?

Fixed!

It was malware! (but can't find the logfile and for the life of me can't remember its name)

I ran Trojan Remover and it found hidden registry entries pointing to a hidden executable also resident in memory. Cleared that and bingo! Antivirus is now installed and working.

Phew!

Thanks for the help.

4668.

Solve : Help needed immediately!!?

Answer»

Alright so yesterday I was enjoying my desktop PC and then I went to work this morning when I got up It has a message on the screen saying " Disk Read Error push Crtl+Alt+Del to restart". I don't know what the crap happened it was working last night with no problems can anyone shed some light on the subject?

I hope, some Mod will move this to appropriate forum...

Anyway...
Quote
I got up It has a message on the screen saying " Disk Read Error push Crtl+Alt+Del to restart"
...and???

Your computer info needed.

Its a P4 1.6ghz 128mb ram 120gb hard drive

Quote
I got up It has a message on the screen saying " Disk Read Error push Crtl+Alt+Del to restart"
...and???
Kenter,
Which operating system Me, XP, Vista ?
Have you left disk in machine from previous night? Might be trying to read on bootup. Check and remove if you have.
4669.

Solve : Browser hijack, restrictions applied, possibly because a website I visited?

Answer»

Hi,

Using Windows XP SP2.
Here is my problem: My IE homepage has been hijacked!

I just ran a full scan with Spybot - Search & Destroy, and it found:

CoolWWWSearch

AND

AntiSpyWare2007

So here is the HJT log.

The following programs have already been removed:

Vidalia Bundle (With Tor, Torbutton and Privoxy)
TC-Spy (Reported false-positives)

Also, that Proxy Server is something I tried to get working while I was still using IE. Search for it and the first result should be from "users.pandora.be".

Thanx.

[saving space - attachment deleted by admin]

In case you're wondering, I use IE so I can view SWI Forums (where I'm trying to learn how to read HJT logs). Also used so I can log into the McAfee SiteAdvisor website.

You need to stay away from warez/keygens!!!

Firefox works just fine on the SWI forums and site advisor web site.

You need to do the other scans from this post and supply the logs.

Hi evilfantasy,

I will stay away from warez/keygens.

ESET Online Scanner says it is not compatible with Firefox.
I will download SUPERAntiSpyware and post the log.

Quote from: dairyman on December 04, 2007, 03:49:06 PM


ESET Online Scanner says it is not compatible with Firefox.

Then use this one and post the log from it.

Trend Micro Housecall Scan for Firefox

1. Click Scan Now. It's Free
2. Read and put a Check next to Yes, I accept the Terms of Use
3. Then click Launch HouseCall Wait for the Java-Based Housecall Kernel Test
4. Click Starting Housecall and wait for the updates to finish.
5. Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.

* It will download the latest scan engine and pattern files. When the definitions have been downloaded, the scan will start.
* Please wait while HouseCall scans your system…
* Once the scan is complete, it will take you to the summary page.

6. Under Cleanup options choose Clean all detected infections automatically
7. Click the Clean now>> button.
8. When presented with a notification According to your instructions, all detected infections were cleaned..., click OK

* The Housecall log is saved to C:\Documents and Settings\UserName\.housecall6.6\log

Add the log as an attachment in the post along with the SUPERAntiSpyware log and the new HijackThis log.


These are the sort of scans that really use up my ISP's data allowance.

I noticed that the modem lights were blinking wildly.

I hope you don't get mad because I asked this, but since most sites are compatible with Opera, would it be OK if I just keep using Opera?

I don't use IE anymore. In fact, I've been planning to uninstall IE.

If you are having problems with the online scans due to your ISP then you can hold off on it. In fact it is better that we know you have download limits and such so we can try to work around that.

But the SUPERAntiSpyware scan should not have that problem. Have you gotten that log?

Sorry, I forgot about that.

Next reply will have a SUPERAntispyware log if I can find it.

* To retrieve the removal information please do the following:
+ After reboot, double-click the SUPERAntiSpyware icon on your desktop.
+ Click Preferences. Click the Statistics/Logs tab.
+ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
+ It will open in your default text editor (such as Notepad/Wordpad).
+ Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Please add the log as an attachment along with a new HijackThis log in the next post.

Here are the SUPERAntispyware and HijackThis log files.

[saving space - attachment deleted by admin]

Open HijackThis and place a check mark next to

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Serial99.com

Close all windows and click Fix checked.


Are you still having any problems?

No problems.

Thanks!!
Won't download any keygens/warez again.
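
Added example, not part of any post above: a short Python triage of HijackThis output, run over a constructed sample made of lines quoted on this page (the R0/R1 entries selected for fixing in this thread, the orphaned O2 entry, and lines from the log in the MSN thread). The flag names and rules are assumptions chosen for illustration; they mark entries for a human reviewer and are not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: every entry line is copied from logs and fix lists quoted on this page.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gmail.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Serial99.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - Startup: Starter.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# Section codes as they appear in HijackThis logs: R0-R3, F0-F3, N1-N4, O1-O2x.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# R-section body: "<registry key>,<value name> = <data>" (data may be empty).
SETTING_RE = re.compile(r"^(?P<key>.+?),(?P<name>[^,=]+?)\s*=\s*(?P<data>.*)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)", re.IGNORECASE)


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the section entries; the header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def triage(entries):
    """Attach review flags (illustrative heuristics, assumed for this example)."""
    for e in entries:
        if ORPHAN_RE.search(e.body):
            # Registry entry whose target file is gone: leftover to clean up.
            e.flags.append("orphaned")
        if e.code == "O23" and " - Unknown owner - " in e.body:
            # No vendor shown for the service binary: verify the file by hand.
            e.flags.append("unknown-owner")
        if e.code == "O4" and e.body.endswith("= ?"):
            # Startup shortcut whose target could not be resolved.
            e.flags.append("unresolved-shortcut")
        if e.code in ("R0", "R1"):
            m = SETTING_RE.match(e.body)
            if m and not m.group("data"):
                e.flags.append("empty-setting")
            if m and m.group("name") == "Window Title":
                # IE title bar text has been set by something other than the default.
                e.flags.append("ie-title-overridden")
    return entries


def review_list(text):
    """Entries that carry at least one flag, as (code, flags, body) tuples."""
    return [(e.code, tuple(e.flags), e.body)
            for e in triage(parse_hjt(text)) if e.flags]


if __name__ == "__main__":
    for code, flags, body in review_list(SAMPLE_LOG):
        print(f"{code:<4}{','.join(flags):<28}{body}")
```

An entry without a flag has not been cleared; it only means none of these rules matched.
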
4670.

Solve : “Brave Sentry – BS 2.0” Windows XP Professional?

Answer»

Currently I am experiencing a problem with a Dell Inspiron 600M laptop, operating system Windows XP Professional. The problem began yesterday evening during which my desktop background became black and stated, “Your computer is in Danger. Windows Security center has detected spyway/adware infection! It is strongly recommended to use special antispyware tool to prevent data loss.” Seconds later a balloon appeared in the lower left hand corner, which stated, “Your computer is infected. Windows has detected spyware infection. It is strongly recommended to use special antispyware tool to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware.” After which a box appeared “Brave Sentry – BS 2.0” and began scanning my computer for potential damages, listing different malwares (Trojan X Download, Win Desktop, Hotbar toolbar, Keenvalue/Perfect NAV, Internexus Dialer, Gatordone, etc.) and the threats (severe, high, etc.) they posed. Not ever encountering this problem I let the program run. After the program detected about 27 possible threats the scan stopped and the “remove threat” button appeared. In clicking on the “remove threat” button, another box appeared titled “BS Evaluation Version Warning” underneath the title there was a brief paragraph, which stated “This version of BS is for evaluation purposes only. The removal feature is disabled. You may scan your PC to locate malware threats. To be able to remove threats found you should purchase a license.” Under the paragraph were two buttons the first being “purchase licenses” and the second being “continue evaluating.” Below the two buttons there was a sentence that read “BS activation, if you have already purchased a licenses please enter the activation code below.” Underneath the statement the third button being “Activate BS Now!” Since this issue began, I am unable to connect to the Internet even when the computer is directly plugged into the modem and/or the wireless router is used. The computer however, detects the wireless router, which it states is giving off a strong signal. Lastly, there is another box which appears and is titled “Warning!” with the sentence “Get free *censored* now!” along with two buttons “OK” and “Cancel.” If at all possible, I would greatly appreciate someone assisting me with this problem.

Welcome aboard

Never, ever allow any unknown programs to be running on your computer. Period!

http://www.bleepingcomputer.com/forums/topic55983.html

Brave Sentry is an alleged antispyware application that uses Trojans and other malware into tricking or scaring you into purchasing it. If you are infected with this malware, your desktop background may change to a black screen with a false warning message. There will also be an alert in your taskbar stating that you have various infections or other security problems with your computer. When you click on these messages it automatically opens BraveSentry. It is advised that you do not purchase this program as it is on the rogue antispyware applications list.

Screenshots of the application and the warning can be found below:





Now...

1. Print out these instructions as we will need to close every window that is open later in the fix.

2. Download SmitfraudFix.exe from here and save it to your desktop:

http://www.bleepingcomputer.com/files/smitfraudfix.php

3. Next, please reboot your computer into Safe Mode by doing the following:

a. Restart your computer

b. Start tapping F8 key

c. A menu will appear

d. Select the first option, to run Windows in Safe Mode.

4. Close all open Windows.

5. Now, double-click on the SmitFraudfix icon.

6. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

7. You will now see a menu. Press the number 2 on your keyboard and then press the Enter key to choose the option Clean.

8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program.
This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up a long time depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with next step.

9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the Enter key.

10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.

11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer.
Save that log to your desktop, and attach it to your next reply.

Since this issue began, I am unable to connect to the Internet even when the computer is directly plugged into the modem and/or the wireless router is used. The computer however, detects the wireless router, which it states is giving off a strong signal. I am currently using an iBook to obtain any help from this website and if anyone can further help me I would greatly appreciate it.Op Pmed me with this:

Quote

Thank you very much for assistance, I really appreciate it. I just seem to have one tiny problem and that is I cannot get on the internet from my Dell laptop. Since this issue began, I am unable to connect to the Internet even when the computer is directly plugged into the modem and/or the wireless router is used. The computer however, detects the wireless router, which it states is giving off a strong signal. The laptop only has Internet Explorer on it and every time I click the desktop icon a blank page comes up and states it cannot find the server. I am just not sure what to do from here. I understood the directions you sent regarding the malware, I am just not sure how to download that link when using an iBook and not the computer that is having the problem. I hope you can help me with this and once again I thank you for your help.

That file to download is only little bit over 1MB, so you can put it on floppy, and transfer it to your XP computer.

I just downloaded the file that you suggested onto my Mac iBook. When trying to run the program to fully install it and download onto a CD to transfer it to the PC, however, when trying to run the program it opens up my iTunes for some odd reason and then I cannot find it in my iTunes. I also tried to insert the CD-R into the iBook and manually move the icon of the program to the CD-R to burn the CD, which worked. However, when I placed the CD-R into the PC, directions in French appeared and translated to roughly "the program is missing files, do you want to continue to install". In hitting yes, there was another box that came up where cancel (in French) and closed (in French) appeared as the two options. Trying both of them, nothing happened. Are there any other ways to fix this problem?

Quote
when trying to run the program to fully install it
This is Windows program, you can't run it on mac. Just burn that file to CD. That's it.

I downloaded the program you suggested, placed it on a CD-R, inserted the CD-R with the program into the other laptop (PC) and there is an alert that comes up in French stating that there is a problem with the program, it is missing files, and when you continue with the installation it shuts you out. Is there anything else I can do? I tried installing the program onto 4 different CD-Rs and still nothing. Considering the spyware that is in the computer ... is that the problem with why the internet is not working from the PC Laptop???

Quote
Considering the spyware that is in the computer ... is that the problem with why the internet is not working from the PC Laptop
Very possible.
Try to restart your laptop in Safe Mode, and see if you can install/run from there.

I ran/downloaded the program into the PC laptop in safe mode. It was a success through all the steps except for a few. However, a red Norton AntiVirus box appeared titled, Alert: Malicious Script Detected and below it stated Object: FileSystem Object Activity: Create TextFile, Your computer is halted and needs to do something about this script File: C:\WINDOWS\SYSTEM32\GETVALUE.vbs, What do you want to do? and just below there is a drop down box with these following options 1. Stop this script (recommended), 2. Allow this activity once, 3. Allow the entire script once, 4. Quarantine this script, 5. Authorize this script. Then there is an option button stating okay. I tried to allow the entire script option and as well as the allow this activity once and another Norton AntiVirus box came up titled Alert: Malicious Script Detected and below it stated Object: FileSystem Object Activity: Create TextFile, Your computer is halted and needs to do something about this script File: C:\Documents and Settings\logan pepchinski\SmitfraudFix\ScanDNS.vbs then when I chose the same option again the desk cleaning comes up ... cleans then the Registry cleaning prompt comes up where I enter Y (yes) and enter. After which a rapport - Notepad appears as well as another box which is titled Desktop, Windows is running in safe mode. This special diagnostic mode of Windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in Control Panel, and then try starting Windows again. While in safe mode, some of your devices may not be available. To proceed to work in safe mode, click yes. If you prefer to use System Restore to restore your computer to a previous state, click not. Then there are the two buttons below with yes and no. In clicking yes nothing happens afterwards, there is no box counting down or any of the other things.
Also, while waiting after, a box titled Warning Get free *censored* now appeared with the two buttons below 1. okay (highlighted) and 2. cancel.

There is something wrong here.
Did you print out my instructions?
This program HAS to be run from Safe Mode.
In Safe Mode, Norton CAN NOT run.
When you said Safe Mode, did you actually see SAFE MODE text in all four corners of your screen?

Yes, and the desktop back is black ... It is def. in safe mode.

Do you have Norton icon in taskbar?

I ejected the CD-R which had the program on it and then the Norton AntiVirus box did not appear, however, the box titled Desktop, Windows is running in safe mode. This special diagnostic mode of Windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in Control Panel, and then try starting Windows again. While in safe mode, some of your devices may not be available. To proceed to work in safe mode, click yes. If you prefer to use System Restore to restore your computer to a previous state, click not. Then there are the two buttons below with yes and no. In clicking yes nothing happens afterwards, there is no box counting down or any of the other things.

4671.

Solve : Is this a virus??

Answer»

I use Windows XP Home Edition SP2.

After installing SpeedFan, I noticed a new icon on my desktop called:

initdebug.nfo

Is this file a virus?
Can I safely delete it without causing any damage?

Thank you.

It's a Speedfan file. This file (initdebug.nfo) was created by the 'give i/o' service when you installed Speedfan, it apparently uses the service/file to get values from temperature sensors in your PC.

You can delete this file!

Thank you!!

Also most likely if it is a virus you wouldn't see it on your desktop, unless the guy who made the virus is retarded. lol

Quote from: S_R_S5 on December 19, 2007, 06:53:20 PM

Also most likely if it is a virus you wouldn't see it on your desktop, unless the guy who made the virus is retarded. lol

LOL. I guess so.

4672.

Solve : Across his cheek... (Virus?)?

Answer»

Hello Everyone

I received this strange email today. I didn't open the attached file, but it also came with this strange message, which I searched and located on a site called Nabble.

http://www.nabble.com/protocoling-td14394329s3741.html


Subject: Protocoling

Across his cheek, a scratch on his nose, and sticking crematorium
bringing with them the dead bodies made this offer. 'let
the food be brought' were of the lapis lazuli accompanied
by all kinds of their lords, they at last attain to region
where older than either theo or margaret, she was neither
keep his faith given when the observance thereof from disease.
then again the illustrious vishnu the illustrious garuda
then assumed ninety times choppin' block an' up the road
about a halfmile.

Does anyone know what this is all about? Thanks in advance.
-J

Spammers often include some random bits of text in an attempt to bypass spam filters. It makes the email look more legit than an empty mail with an attached file.
The message you found on Nabble also appears to be spam.

What the heck is a "garuda" ? ? ?

A mythical bird/bird-like creature from Hindu and Buddhist mythology.

Gotcha....and Thanx !

4673.

Solve : Killbox.exe trojan?

Answer»

A couple of days ago my AVG detected & removed (Trojan horse BackDoor Hupigon3.XKF) from my computer.
I had Killbox installed, but fortunately have not had to use it to remove anything stubborn. Have seen some other forums on Google that have had the same thing...was just wondering if I should re-install Killbox, or will I just be inviting the same problem again. Computer is fine. All scans are good.
Thanks.

Killbox does not update automatically.

It is a program that is better to download for use then delete it.

If needed later, always download a fresh copy.

Thanks for the info.

Merry Christmas.

4674.

Solve : c:\windows\system32\proper.exe?

Answer»

sn12.mailshell.net has to do with AVG antivirus (I think), why it is suddenly popping up I am not sure. maybe check the settings in AVG. Or even check for updates.

Go to C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe <--Delete the whole CA folder.

Also download and use the Norton removal Tool

One more HijackThis log please.

That folder was automatically removed when I uninstalled the eTrust EZ Antivirus software two days ago. But just to be sure, I did a file search, and nothing came back.

I ran the Norton Removal Tool as requested.

Here is the hjt log after norton.

thx.


[saving space - attachment deleted by admin]

The logs are clean.

Run CCleaner.

Go to Start > Run and copy and paste next command in the field:

COMBOFIX /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again


I will look around for some info. on the sn12.mailshell.net pop up and see what I can find.

that is such a kewl little program (combofix)

I will search around as well and see what i can find. So far, all i've found is a bunch of jargon, but that's what i get for googling. I wish I knew more places to look. What do you do when you want to find something? Besides checking the popular search engines....

Google is the best tool there is.

I visit a lot of security related forums so sometimes it is things I have either seen before or read about.

Just be careful with combofix, it is an advanced tool and should be used with caution for good reason.

Towards the bottom of this post is a discussion on sn12.mailshell.net





Hey thanks for everything. You are a tremendous help. My client will be so pleased.

I look forward to working with you in the future.

Have a great evening.

4675.

Solve : Possible Virus - HJT log?

Answer»

Hello, My brother isn't really having problems with his computer but I think he has a virus.
I believe I have had the same one.

An icon down near the clock keeps popping up saying he has a virus and then when u click on it Internet Explorer pops up wanting you to download a virus protector and such.

Anyways....He has a virus protector and other stuff I told him its crap but he dont listen.
He bought Defender Pro 2008 I really don't know if its any good but maybe it is.

Here is his HJT log.


---------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:03 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DefenderPro\TSAntiSpy.exe
C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\DriveDefraggerCtrl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Defender Pro Private Surf\ABP\Anonymous Surfing.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Defender Pro Private Surf\AntiSpy\CSAntiSpy.exe
C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\DriveDefraggerService.exe
C:\Program Files\Defender Pro Private Surf\MyPrivacy\mpsvc.exe
C:\Program Files\Defender Pro Private Surf\MyPrivacy\NewMyPrivacyNT.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\customer\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [LaunchAntiSpy] C:\Program Files\DefenderPro\TSAntiSpy.exe /startup
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SWG] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US EE://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Defender Pro Drive Defragger.lnk = C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\DriveDefraggerCtrl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll
O22 - SharedTaskScheduler: geosphere - {c0ca766d-060c-48e1-b536-205e321bd174} - C:\WINDOWS\system32\wowlze.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: DefenderProDriveDefraggerService - - C:\Program Files\Defender Pro\Defender Pro Drive Defragger\bin\DriveDefraggerService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Omniquad MyPrivacy - Unknown owner - C:\Program Files\Defender Pro Private Surf\MyPrivacy\mpsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10469 bytes
I believe the virus has something to do with VirusRanger?

Read the instructions in post # 1 and # 2 in This Post and add the logs in the next post.

ok done.

[saving space - attachment deleted by admin]

Run a new HijackThis scan and attach the log.

4676.

Solve : Using the 'read first' instructions..?

Answer» Click Here for the installer.

I need to update the instructions. Things have changed with the download since they were originally created.

Here is the hijack log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:19 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valp.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162237926812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 6964 bytes

You are running two antivirus and two firewalls. This just causes system conflicts and slowdowns.
Kaspersky
AVG
Comodo

Either use AVG and Comodo or just Kaspersky.

Open HijackThis and select "Do a system scan only" then place a check mark next to:

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Now close all browser windows and click "Fix checked"

Other than that the log looks fine.

It was the site advisor I once tried and subsequently removed. Are there any more McAfee items in the log?

I found out what it was because Spybot pops up a warning that something or someone is attempting to make a change in the registry.

Am I supposed to learn from some library how to identify what each item in the log is? There are some more 'unknown entries' later in the log. EF.

I scanned and removed #3. Spybot popped up warning me an attempt is being made to change the registry. I let it happen. Spybot ID'd it as McAfee 'site advisor' I once tried and removed.

Are there any more McAfee entries in the log?

Is there a library one goes to to learn how to ID all the entries? There are more 'unknown' items later at the end of the log.

Google is the best library there is for searching out entries in the HijackThis log. I don't see any other entries from McAfee.

Did you take care of the multiple AV and Firewalls?

I don't care for Tea Timer and keep it off. I want AVG free a/v and Comodo f/w; Lavasoft and Spybot plus the "read first" list of protections you provided to stay at this time.

So I should check every item that has the recognizable words "symantec or kaspersky" in the log and selecting them for 'fix'?

I think you've tried to get me thinking on my own to take action but the first instructions out of the mouths of babes was, you better know what you're doing in Hijack before you just make changes.

Go to Add/Remove Programs to uninstall Kaspersky and anything to do with Norton or Symantec.

Anything else installed is OK to keep, but HijackThis should be used with caution.

Here is a tutorial on how to read the entries. But still, don't remove anything you have not researched first. How To Analyze HijackThis Logs

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

As per your instructions I read the articles and requested support from "Spywareinfoforums" to review and recommend any more changes to my Hijack log. I'll let you know what happens.

EF.

The folks over at SWI reviewed my HiJack This log and reported no defects. I wish they would have been able to answer my questions regarding some items still in the log that shared a name of a previously removed process like Symantec but are still present.

So far I have a clean bill of health and want to thank you for what you have taught me.

I presume; in the interest of learning, there is nowhere else to look to see if any other malware is hiding anywhere because we have completed a full diagnostic check? Just let me know if there is anything else I could learn.

I wish I could learn how to identify malware. Is that something taught in IT school?

Merry Christmas and I hope your weather is better this coming New Year.
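
The two checks the helper in this thread made by eye (the orphaned O3 toolbar entry and the overlapping antivirus/firewall products) can be scripted. This is an added example, not code from the thread or from HijackThis itself; the sample log is constructed from lines quoted in the threads above, and the `PRODUCT_ROLES` keyword table is an assumption made for the illustration.

```python
import re
from collections import defaultdict

# Section codes HijackThis prefixes to each finding, e.g. "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Suffixes HijackThis appends when the file behind an entry is gone.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Assumption for this example: a small keyword table mapping the products named
# in the thread to the roles they fill. Extend it before using it on other logs.
PRODUCT_ROLES = {
    "kaspersky": {"antivirus", "firewall"},  # Internet Security suite covers both
    "grisoft": {"antivirus"},                # AVG 7 installs under ...\Grisoft
    "comodo": {"firewall"},
}

# Constructed sample in HijackThis v2 layout, including one entry that a forum
# hard-wrapped across a blank line, as in the log pasted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valp.net/
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security

6.0\avp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

--
End of file
"""


def parse_entries(text):
    """Return [(code, body)], re-joining entries that were hard-wrapped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--":  # HijackThis end-of-log marker
            break
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Continuation of a wrapped entry; these wraps fall on spaces.
            entries[-1][1] += " " + line
        # Anything before the first entry (header, process list) is skipped.
    return [tuple(entry) for entry in entries]


def orphaned(entries):
    """Entries whose target file no longer exists: leftovers from an uninstall."""
    return [(code, body) for code, body in entries if ORPHAN_RE.search(body)]


def overlapping_roles(entries):
    """Map each role to the products filling it, keeping roles with 2+ products."""
    by_role = defaultdict(set)
    for code, body in entries:
        if code not in ("O4", "O23"):  # autoruns and services only
            continue
        lowered = body.lower()
        for product, roles in PRODUCT_ROLES.items():
            if product in lowered:
                for role in roles:
                    by_role[role].add(product)
    return {role: sorted(names) for role, names in by_role.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, body in orphaned(parsed):
        print("orphaned:", code, "-", body)
    for role, names in sorted(overlapping_roles(parsed).items()):
        print("overlap:", role, "->", ", ".join(names))
```

An orphaned entry only means the referenced file is gone; as the thread says, research an entry before fixing it.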

4677.

Solve : problem here!?

Answer»

I have removed a trojan named Brontok using Avast, and every time I start my computer there is always a sign saying that Windows cannot find eksplorasi.exe. Is there any way I can remove it? Thanks

1. Run free online scan at: http://housecall.trendmicro.com/
The Housecall log is saved to C:\Documents and Settings\UserName\.housecall\log\
Post HouseCall log.

2. Download and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

SUPERAntiSpyware should be run in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll SEE "Safe Mode" in all four corners of your screen

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be PATIENT while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

Thanks for the help! I had removed it. There is one more question I would like to ask: my task manager is acting weird. It only displays the application tab; the other tabs like the processes, networking etc. are missing, and the close, minimize and restore down buttons are missing too. Can you please help me? Thanks again.

Follow the above instructions and post the logs requested here when you are finished...

4678.

Solve : Please help my internet explorer is infected?

Answer»

My computer got infected. I do have an antivirus, but I think it happened while downloading music. Thank you for your help in advance.

I am not able to run the hijack complete cause is too long, please advise.

Sandra

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:53 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

1. Run free online scan at: http://housecall.trendmicro.com/
Post HouseCall log.

2. Download and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

SUPERAntiSpyware should be run in Safe Mode.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be PATIENT while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

Please tell me what I am doing wrong. When I try to reply with the log it tells me that it exceeds the 1,000 words. What am I doing wrong???

Oh, OK.
The easiest way...
Open log in Notepad, and "Save As" .txt file (originally it's .log type of file).
Then, when you reply, use "Additional Options", and attach your file:

I saved as a txt and it is still not letting me attach.

The only options that I have are:

log files and log files (*.*)

sandryly1
Open first log file in Notepad, click File, then Save As, and save it as .txt file.
Then attach.
Check the file size. It can't be bigger than 128 KB, but it shouldn't be.

I don't know what is going on. I did exactly what you told me and I keep getting the same message. Is there any other way to do it??

OK, highlight half of your first log, copy, and paste in your reply. Do the same with second half, and paste it into next reply.
pplication Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : QUICK Scan
Total Scan Time : 00:49:48

Memory items scanned : 586
Memory threats detected : 0
Registry items scanned : 831
Registry threats detected : 39
File items scanned : 31658
File threats detected : 10

Adware.MyWebSearch
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\8.BIN\MWSSRCAS.DLL
HKU\S-1-5-21-584176141-2514272421-2728105404-1008\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable

Adware.Tracking Cookie
c:\documents and settings\hp_administrator\cookies\[emailprotected][1].txt

Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlocker\Personal Folders
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlocker
HKCR\SpamBlockerConfig.Application
HKCR\SpamBlockerConfig.Application\Clsid
HKCR\SpamBlockerConfig.Application.1
HKCR\SpamBlockerConfig.Application.1\Clsid

Malware.Ultimate Defender
C:\Documents and Settings\HP_Administrator\Application Data\Ultimate Defender\logs\1165996780.log
C:\Documents and Settings\HP_Administrator\Application Data\Ultimate Defender\logs
C:\Documents and Settings\HP_Administrator\Application Data\Ultimate Defender
C:\WINDOWS\SYSTEM32\TMPWISC2.EXE

:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CreataCard\Gold\FMRemind.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OFK System - {E2D31F0C-78A4-4713-A7E4-6F4A50525D4B} - C:\WINDOWS\blopenvtrm.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: The retnsrp - {D528386A-A286-4697-9C9C-47856CCD7F67} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 200
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\8.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: CreataCard Gold 3 Forget Me Not Reminders TRAY Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.27.5/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: nopzet - {D11BA613-31F8-42DA-AA4C-75CBA99FAA5C} - C:\WINDOWS\nopzet.dll
O21 - SSODL: leorop - {0B7728A6-03CC-4309-A8E8-941FEBC1A9AF} - C:\WINDOWS\leorop.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -

Will that be good? In the last one I was able to copy the whole thing.

Beginning of HijackThis log is cut off. Try again.

SUPERAntiSpyware was supposed to be run as Complete Scan, not Quick Scan. Did you run it in Safe Mode? Is it complete log?
HouseCall log is missing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:52 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CreataCard\Gold\FMRemind.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe

4679.

Solve : trojans trojans and more trojans (new topic)?

Answer»

See my avg will have a pop-up saying it detected this trojan. I vault it then wipe it from my comp. Then in a day or two there ends up being a few more. It ends up being about 3 trojans per week.

windows xp pro. service pack 2 internet explorer 7

[saving space - attachment deleted by admin]

All your logs are clean, so... your warning may be a false positive.
What is the alleged trojan name, and location?

The next time you receive the warning, write it down and post it here in a reply.

str master26
Thanks to my fellow malware removal specialist, evilfantasy's PM...
You have TWO antiviruses running at the same time: AVG, and Norton. This is a big NO-NO.
You have to uninstall one of them.

Well, my Norton is crap anyway and only has 10 day subscription left, but that may be why my AVG goes off.

Norton Removal Tool

Do yourself a favor and run both diskclean and defrag after this...

After using Norton Removal Tool, I searched my registry for any keys containing words: Norton, Symantec, and I found numerous entries, which I deleted.
You may do this, as well. Back up your registry, first.

The Full Version.

4680.

Solve : Plz recommend a good virus program Thank!?

Answer»

Can someone plz recommend me a decent virus program. One that will not slow up my browsing so much and that can allow me to play games uninterrupted. Thanks!

I use AVG, it's good and best of all free

If you go with AVG, which I recommend, as well, don't forget to uninstall your current AV, first.

Thanks! Free is good, but will this work with Vista home 32bit.

Yep.

Thanks! I really appreciate the help given in these forums.

4681.

Solve : help me retrieve my email ad?

Answer»

I don't know what happened.... I'm not using any public computers... One day I tried to open one of my email ad, I cannot open it. It says I have an invalid password. There are important files there. How can I retrieve my password/email ad? Anyone could help me please?

Can you explain what you mean by "e-mail ad"? The only ad I know of is an advertisement.

When requesting help, it's always best to post as much information as possible to make it easier for us to help you.

I believe you are talking about ID, i.d. username. So you just try to put in the correct login, check if the capslock is off and that uput the correct letters, numbers. If that doesn't work contact your ISP and explain the situation to them...

Quote

my email ad

Quote
and that uput the correct letters

Everybody needs to use the correct spelling of words and not text talk in help forums.

The consequences could be severe (crashed computer) if we misinterpret what is being said.

4682.

Solve : What are the worst and most threatening worms, or viruses??

Answer»

Doing a report for school. I just want to know what the names are so that I can research them.

Typically, we don't help with homework here.

However, if you search Google or Yahoo for what you're looking for, you might just find it.

will I just have a virus (worm32.netsky) lately, and I try everything in my power to delete it, but it pisses me off too much and I just have to reboot my laptop to XP again. That virus is like very hard to find, I try every software, and it even took my wallpaper.

tommy,
Please start a new Topic with your issues including a lot more info on the OS, machine and what happened prior to this...
You've been around here long enough now to know how it works.

Quote from: patio on December 04, 2007, 10:47:13 AM

You've been around here long enough now to know how it works.

I think you're giving him too much credit...

It's the Holidays... I'll be back to Normal soon.

4683.

Solve : Personal Security Center Malware/Spyware?

Answer»

About a week ago I foolishly opened up a suspicious .exe file that I knew I shouldn't have, but what's done is done. My Norton didn't quite stop it so now I have this spyware known as "Personal Security Center." There is a small icon in the taskbar that occasionally pops up with a message warning me I am unsafe. I followed another guide to try to remove the program to no avail, so I came here! I've always gotten help here so I hope I can receive it again! Here's a post of my HJT Log. (Note: I've scanned multiple times with Windows Defender, Norton, Spybot Search & Destroy and Ad-aware. Still nothing has helped. I've always tried using smitfraud in safe mode but still nothing.)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:12 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\AC Web Ultimate Repack\Server\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\razerhid.exe
C:\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135113072\ee\AOLSoftware.exe
C:\WINDOWS\system32\REGSVR32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zach\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poopmonkey's Computer
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hotcdgjs] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hotcdgjs.dll"
O4 - HKLM\..\Run: [mvklaper] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mvklaper.dll"
O4 - HKLM\..\Run: [zzokqyg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zzokqyg.dll,vbikf
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HP Software Update] C:\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135113072\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [7466ab73] rundll32.exe "C:\WINDOWS\system32\sijrlmlo.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [sect gpl] C:\DOCUME~1\Zach\APPLIC~1\INTRAW~1\Loud User.exe

Any chance I can get rid of these useless things in here? (The log, such as random plugins for websites) Any help is appreciated! Thanks =)

Part 2 of HJT Log

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) -
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164916077194
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B3FF8D1-8F96-4C70-8399-04DFCBC8B57B}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: bw+0 - {333F04C1-BED6-44FA-9263-B279E1D247C2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {333F04C1-BED6-44FA-9263-B279E1D247C2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: shellservice - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\AC.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (file missing)

--
End of file - 10262 bytes

You have something odd going on there.

You will need to read this post and attach the requested logs.

Well, I'm pleased to announce that using Spyware Doctor successfully removed whatever bugger was in my computer. I will repost if anything comes up again. Sorry to waste your time =(

Actually from the HijackThis log you posted the problem appeared to be deeper than being fixed with just Spyware Doctor.

I suggest attaching a new HijackThis log to see if everything was cleaned up or not. It is better to be safe than sorry.

Yeah, I can almost guarantee that Spyware Doctor didn't clean up everything going on in this log. It's been awhile (and yes, I'm guilty of bumping an old thread), but if the OP happens to come back, I would suggest following the above advice.

As long as you aren't bumping them to tell me I am screwing up!

Where you been man? Thought you gave up on us or something.

No no, not at all! I've been very busy with finals for the last week or so. I haven't completely returned yet, but I do have a bit more free time right now.

4684.

Solve : Windows Vista SLOW HELP: Scan Logs?

Answer»

I posted my concerns in the Windows section of this forum and I was advised to go through the recommended scanning procedures. Here is my original message:
Quote from: jfoulk2 on December 06, 2007, 04:00:49 PM

Hi! I have a Dell Inspiron 1501 with Windows Vista Home Premium with AMD Turion(tm) 64 X2 Mobile Technology TL-60 2.00 GHz 1918 MB RAM 32-bit OS.
My problem is that after about a half hour or so of use, my laptop slows down tremendously, using up about 95% of my RAM. McAfee & Windows Defender do not find any spyware or viruses. I clean & defragment my disk religiously (almost every day) & still I see no improvement. I have turned off unnecessary startup programs.
I am at a loss of words because I have no idea what the problem could be. If my computer or even a program is not in use for a few minutes, it takes a few minutes to respond. It is very frustrating & time-consuming when I have to wait for things to respond. I've read that 2 GB of RAM is fine for Vista, so why is it consuming it all & slowing down? I run usually only one program (Firefox) at a time, but once in a while I will need to run two or more.
So any suggestions or comments? Help is very, very appreciated. Thank you for your time in helping me figure this out.
I have done all the required scans & here are the logs:

[saving space - attachment deleted by admin]

The logs do not show any malware.

We can fix a few empty entries with HijackThis.

Open HijackThis and select Do a system scan only and place a check mark next to:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


Close all windows except for HijackThis and click Fix checked



Your Java is out of date, leaving your system vulnerable.
Older versions have vulnerabilities that malware can use to infect your system.

Updating Java:
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.

* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens, click on the Install Now button.
* Follow the prompts to complete installation.



There are 13 instances of McAfee running in the services. This could be part of the problem. Is McAfee a paid version? There are free lightweight alternatives which provide equal or sometimes better protection to paid versions.

Also running unnecessarily are:
InstallShield Update Service
InstallShield Update Service Scheduler
Adobe Reader Speed Launcher
QuickTime Task
iTunesHelper
Cacheman


Let us know if we can help out with anything.

Thank you very much! I have followed all of your instructions.

Concerning McAfee, I've known that it uses a lot of memory, but I am hesitant to uninstall it. It came installed on my computer. Should I uninstall it & use another program?

Thanks again for the big help!

That is up to you, but I would.

The popular choice here is AVG Antivirus and Comodo Firewall. Both free.

Thank you very much!

One side note, is it ok for me to uninstall the programs used to create the logs like HijackThis or should I keep them?

Yes you can delete any logs and uninstall HijackThis if you wish. HijackThis can cause damage if used improperly. SUPERAntiSpyware is free and good to use now and then to make sure nothing has crept in.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Thank you very much!
I found an installation disc for McAfee that came with my computer so I have uninstalled it & installed the programs that you have recommended. & something shocked me when I uninstalled McAfee: it cleared 50 GB from my hard drive! No wonder I was having problems!
But thank you so much! It's nice to find REAL solutions, not excuses like "it must be a virus so restore your computer to factory settings." So thank you so much! This is a lifesaver! If I have any other concerns, I will definitely come here. Thank you for your time & dedication!

You're welcome, I'm glad it worked!

Nicely Done evilfantasy and thanx for posting back with the results jfoulk2...
We love success stories here !

Quote from: patio on December 07, 2007, 06:11:28 PM
Nicely Done evilfantasy and thanx for posting back with the results jfoulk2...
We love success stories here !

We really should have our own reality series.
4685.

Solve : Got the Trojan.win32.agent.akk,How do I get rid of it??

Answer»

I got the Trojan.win32.agent.akk virus. Two questions. I have Mcafee 2007. How did it make it past it and why does it not detect it and get rid of it for me. How can I get rid of it?

How it got in I don't know.

How you can get rid of it is read post #1 and #2 here and submit the logs so we can see what needs to be done to remove it.

It's too annoying to even use the computer with it. I think I'll just reformat. It's a spare computer anyway, I won't lose anything important.

Sometimes it is the easiest way.

Thanks for letting us know.

Thanks for your help

Quote from: pcjoseph1974 on December 07, 2007, 07:05:36 AM

How did it make it past it and why does it not detect it and get rid of it for me.

The problem lies in your previous statement...

Quote
I have Mcafee 2007.

You're using subpar software. When you get that computer situated, I would suggest getting AVG, Spybot - Search & Destroy, and SUPERAntiSpyware.
4686.

Solve : More than one antivirus on a system?

Answer»

Hello Sir/Madam,

Is it possible that we can install the two antivirus on a single O.S.
Ex: AVG & Norton or Norton & Mcafee.

Thanking you.

No, unless you're waiting for a conflict.

It's possible, everything is possible,

Quote

It's possible, everything is possible,
Please, do NOT post anything (I'm sorry) stupid.

Broni is correct...more than one A/V program and they will bang heads and create conflicts as they are both fighting to do the same thing. Some AV programs have even been known to report another AV as a threat.

However there is more to this than meets the eye. There are different forms of threats out there that need to be addressed with different protection applications. There is no one program that will do it all. That being said here is a rundown.

Anti-Virus
Avast
AVG
Select only one...

Spyware
Spybot Search and Destroy

Adware
AdAware

Trojan and Anti Malware
AVG Anti-Spyware
aSquared
Select only one.

And last but not least there are some online scanners you can always run as well:
Online Scanners.

All the above listed are FREE.
Select one from each category and DLoad and install them.
Remember to update and scan regularly...just having them installed will NOT protect you.

Quote
There is no one program that will do it all.
Just to expand this...
While running ONE default antivirus, and it detects something, or it doesn't detect anything, but you feel, there is something wrong with your computer, there are plenty, free, on-line scans, which should be used as cross-reference.

Look Up... Oooops....broni is right! Different A/V has different capability. Some A/V cannot detect a virus but other A/V can do.
It is quite good if we scan using different A/V one at a time.

Quote from: tommy gusack on December 04, 2007, 09:42:53 AM
Its possible, everything is possible,

I'll never understand why you're still allowed to post.
4687.

Solve : Network Issues?

Answer»

I'm having a lot of problems connecting to the internet through the ethernet. I think I have it narrowed down to something in the background is using a lot of the signal. The sending and receiving rate goes up by 50 each second on my dial up connection. In no time I'm up to 800,000. On the ethernet connection it shows only sending info and 0 receiving. I forgot to mention that some have suggested I have a virus and go the trendmicro and run a scan. I only have dial up and I can't get it to download. Can anyone give me any suggestions.

I've tried to load the Panda scan. I only have dial-up capability and I think it downloaded and started the scan, 3 hours later it hadn't progressed much.

How long should the scan take using dial-up?

How can I check to see if I have the Panda scan downloaded?

I did by some miracle establish an ethernet connection by chance so I know everything is working to get to the web through ethernet. HELP!

Quote

I forgot to mention that some have suggested I have a virus and go the trendmicro and run a scan. I only have dial up and I can't get it to download
Why? HouseCall plug-in is a very small file (62KB). You can download, and install it in no time, even with dial-up.
4688.

Solve : critical problem help please?

Answer»

Oh, I'm fed up with my PC problem. I tried a lot of antivirus but no one is working....
My problems are:-

1. All folders are converted into exe extensions.
2. All folder size becomes 180KB
3. Task Manager Disabled.
4. Registry Disabled.
5. Administrative rights are disallowed.
6. Folder options is missing.
7. System keeps on restarting sometimes.
8. On double clicking any folder it does not open.

After using a NEW FOLDER.EXE removal tool all my folders were deleted but the hard disk is still occupying the same space which I had earlier. Now when I go through the address bar I get my folders, but all the folders have now become system hidden folders & the hidden option becomes faded....
Please please help me getting out of this problem
help

Travel Here and follow the instructions and we'll see if we can get you fixed up...

Just in case...do you have Windows CD, or Recovery CD?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/12/2007 at 01:30 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1358

Scan type : Quick Scan
Total Scan Time : 00:07:27

Memory items scanned : 478
Memory threats detected : 0
Registry items scanned : 653
Registry threats detected : 5
File items scanned : 2726
File threats detected : 0










Quote from: PATIO on December 11, 2007, 08:53:56 AM

Travel Here and follow the instructions and we'll see if we can get you fixed up...
That's not the whole log, it wasn't a full scan and we need the other two as well.
4689.

Solve : Screen flashes, taskbar goes to the top, what do I do??

Answer»

It is a windows screen saver, the one with the 3D pipes.

Just making sure, it's not 3rd party screensaver.

Yea, it's not. Do you think that having the monitor power settings set to "Turn Off Monitor After 20 Minutes" has anything to do with it?

It shouldn't. Let's try Safe Mode, first.

Ok, last night I put it in Safe Mode, and when I woke up it was fine. So then before I went to school I put it back to Normal Mode. When I got home from school I moved the mouse to remove the screen saver, and it was fine, for about a minute and then the screen and mouse just froze, so I had to restart it by holding down the power button (since Ctrl+Alt+Delete wouldn't work).

Try re-installing both your mouse and keyboard drivers.

And, it is back to the flashing screen. Today after school it was all messed up like it was a few days ago.

Video card going bad?

Sounds like the same symptoms I had with my win98 once. The screen and mouse would freeze for no apparent reason at any random time. Then one day it froze and I couldn't get it to boot back up to Windows. Turned out to be the vid card.

But when I run my computer in Safe Mode it is fine. It's just when I run it in normal mode that it messes up.

Quote from: baseballst4r on December 11, 2007, 03:32:40 PM

But when I run my computer in Safe Mode it is fine. It's just when I run it in normal mode that it messes up.

This is because in Safe Mode Windows is using a generic driver to run the hardware...therefore it is either a driver issue or the actual card going bad as evilfantasy suggested...

That's it.

Ahh, well I'll just deal with it for a while longer then until I get a new computer.
Thanks for all of the help!
4690.

Solve : help pls?

Answer»

Hi all...I've installed Spybot - Search & Destroy..
I've got a pop up saying "spybot -search&destroy has detected an important registry entry that has been changed." and it's asking me to allow change or deny it
it's saying change is: value added
entry: ALUAlert..

I'm not sure what it is or what I should be doing...don't want to stuff the PC again..I've only just changed hard drives...

Thanks for all your help in advance

This is Symantec's Auto update notifier...do you have Norton products on that machine ? ?

4691.

Solve : PWS-WoW?

Answer»

Hi All,

I have a PC (running XP) which is displaying McAfee warning messages about an infected file. It gives the name of the virus as PWS-WoW. To begin with the infected file was listed as:

C:\Documents and Settings\%username%\Local Settings\temporary internet files\content.ie5\CG7ZC7C\Loader[1].exe

After I unsuccessfully attempted to delete, clean, quarantine then exclude the file, the message disappeared. The warning then reappeared at 10 minute intervals, each time with a slightly different location for the infected file, examples below:

C:\Documents and Settings\%username%\Local Settings\Temporary Internet Files\Content.IE5\J7WJ1AVV\Loader[1].exe

C:\Documents and Settings\%username%\Local Settings\Temporary Internet Files\Content.IE5\KLXG0REX\Loader[1].exe

After running scans with the tools recommended by this forum, the warning message has now changed, and the infected file is listed as:

C:\Windows\System32\secpol.exe\secpol.exe

And

C:\Windows\System32\fsmgmt.dll

I have attached the three log files, any advice on how to fix this would be appreciated as I’m pretty much a novice when it comes to virus removal.

Thanks

Nick


[saving space - attachment deleted by admin]

Enable Viewing Of Hidden System Files & Folders

1. Right Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.

--------------------

Open HijackThis and select Do a system scan only and place a check mark next to:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HQ.AUTOCAB.COM
O17 - HKLM\SOFTWARE\..\Telephony: DomainName = HQ.AUTOCAB.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HQ.AUTOCAB.COM
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll


Close all windows except for HijackThis and click Fix checked

--------------------

Restart the computer in Safe Mode.

* Restart the computer.
* Before Windows loads start tapping the F8 key.
* When you get to the boot menu, use the arrow keys to select Safe mode
* Then Press Enter
* The computer restarts in Safe mode.

Locate this file and delete it. (in bold)

C:\WINDOWS\system32\secpol.exe

Restart in normal mode.

-------------------

Please download ATF Cleaner by Atribune. ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.

NOTE: ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

-------------------

Use the Trend Micro Housecall Scan

1. Click Scan Now. It's Free
2. Read and put a Check next to Yes, I accept the Terms of Use
3. Then click Launch HouseCall Wait for the Java-Based Housecall Kernel Test
4. Click Starting Housecall and wait for the updates to finish.
5. Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.

* It will download the latest scan engine and pattern files. When the definitions have been downloaded, the scan will start.
* Please wait while HouseCall scans your system…
* Once the scan is complete, it will take you to the summary page.

6. Under Cleanup options choose Clean all detected infections automatically
7. Click the Clean now>> button.
8. When presented with a notification According to your instructions, all detected infections were cleaned..., click OK

* The Housecall log is saved to C:\Documents and Settings\UserName\.housecall\log\

-------------------

Next post please attach
Housecall scan log.
New HijackThis log.


Please attach the logs as separate attachments and in Text (.txt) format
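
The kinds of entries singled out in the instructions above (a Userinit value that launches a second program, a Winlogon Notify DLL, empty R0 values, services whose file is missing) can be picked out of a HijackThis log mechanically. The sketch below is an added example, not part of the original thread or of HijackThis; the function name `review`, the expected default Userinit path and the line shapes (copied from log lines quoted on this page) are assumptions.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

# Constructed sample: individual lines copied from the logs quoted on this page.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: mysql - Unknown owner - C:\AC.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: the only program a clean Windows XP Userinit value names.
USERINIT = normcase(r"C:\WINDOWS\system32\userinit.exe")
MISSING = "(file missing)"


def review(log_text):
    """Return (code, reason, detail) tuples for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.groups()

        if code in ("R0", "R1") and body.endswith("="):
            # Registry value present but empty: harmless leftover.
            findings.append((code, "empty value", body[:-1].rstrip()))

        elif code == "F2" and "userinit=" in body.lower():
            start = body.lower().index("userinit=") + len("userinit=")
            # Userinit is a comma-separated list; every item runs at logon.
            for prog in (p.strip() for p in body[start:].split(",")):
                if prog and normcase(prog) != USERINIT:
                    findings.append((code, "extra Userinit program", prog))

        elif code == "O20" and body.startswith("Winlogon Notify: "):
            # A Notify package is a DLL loaded by winlogon.exe itself.
            name, _, dll = body[len("Winlogon Notify: "):].partition(" - ")
            findings.append((code, "Winlogon Notify DLL", f"{name} -> {dll}"))

        elif code == "O23" and body.startswith("Service: "):
            # Shape: display name - owner - image path [(file missing)]
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[2].endswith(MISSING):
                path = parts[2][:-len(MISSING)].rstrip()
                findings.append(
                    (code, "service image missing", f"{parts[0]} -> {path}"))
    return findings


if __name__ == "__main__":
    for code, reason, detail in review(SAMPLE_LOG):
        print(f"{code:4} {reason:24} {detail}")
```

A finding is a prompt to look at the file, not a verdict: the Di Recnik entry later in this thread shows how an unfamiliar name can turn out to be legitimate software.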
Hi,

Thanks for your help with this. I have followed your instructions. The Housecall scan produced several log files, so I have attached them all.

Cheers

[saving space - attachment deleted by admin]

Final Housecall log...

[saving space - attachment deleted by admin]

O4 - HKLM\..\Run: [Di dictionary] "C:\Program Files\Di recnik\Di.exe


I guess this is a worm..but wait for expert confirmation, I'm no expert in these case.

I am aware of this software, we have a Serbian employee who uses this machine, Di Recnik is used for translation

Work through this post and attach the logs when done.

I don't know what happened to the Trend Micro scan but it doesn't seem to have done anything.

Also, what do you know about AUTOCAB.COM?

AUTOCAB.COM is a domain, but it is no longer used

4692.

Solve : Problems with Spybot?

Answer»

After installing the latest Spybot Search & Destroy update, I started getting Bad URL warnings on sites I never had problems with before...I uninstalled Spybot for now. Should I re-install an older version or can I get the same protection with AVG Anti Spy & forget about Spybot. I'm sure the problem is with the update or it was one *censored* of a coincidence?
Any advice would be appreciated. AVG anti-virus, Windows defender all good, use CCleaner too.
Thanks.

What type of warnings and what sites are these ? ?
There is nothing at the Safer Networking Site on problems with the last update...
What is your current protection package ? ?

The last one that came up was a bad URL warning ... //ad.doubleclick.net/adi/N2713.MSNSY/DoubleClick

Please keep in mind I just wrote this down late last night just before I un-installed Spybot. That was just one of the warnings. Sorry, I should have been more diligent. I realize it is some advertising thing, but I never had these warnings until the update & I always go to the same sites. I am currently running AVG Anti Spyware, AVG Anti Virus & Windows Defender...Also when I would try to launch Spybot, my HD would make an unusually loud noise & the program took forever to start & would frequently not shut down without going into all this error reporting crap. Is AVG Anti Spyware just as good as Spybot...it does not give me the same problem...I do have an older version of Spybot saved on my HD if you think I should re-install that one.

Thanks Patio, I hope I am a little clearer on the subject.

There is one more thing to try.
Try to install Spybot again, but during installation, make sure, TeaTimer is NOT installed.
TeaTimer is real time protection, and it may cause your pop-ups. I've never used that option. I just use Spybot to scan my computer, when scanning time comes.

I've been running AVG for a few months, and I've never had any problems with it....

Thanks Broni...I'm sure now that when I updated Spybot I left the Teatime option checked (not knowing what it actually did). In your expert opinion should I even bother re-installing Spybot or just continue using AVG Anti Spyware ?
I do feel better knowing I didn't really screw something else up...Thanks a bunch.

The good thing about S&D are they notice you every time any registry key added or deleted. From there you can know is it bad or not.
That's why I'm using it together with avira anti virus.
It's just like the combination of Rio & Vidic from Manchester United

I would still run Spybot alongside your current protection program...I believe in layered protection.
On a side Note...
I'd also find out whose HDD that is and travel to the manuf. site and DLoad and run the drive diagnostics...FREE.
Loud noises are not normal for a hard drive.

Seeya.

So it is OK to run more than one Anti Spyware on the same system...I was under the impression that they might cause some conflict with each other? Or is it OK if they are both not running in the background and you run them manually, but separately?

Thanks for the quick responses...really appreciate it.

Quote

should I even bother re-installing Spybot
I'd give it a shot, just for the heck of finding out, if those pop-ups will show up again, if TeaTimer is NOT installed.
Since you have AVG Antispyware running, as real time protection, you really don't need TeaTimer to be running.

Also, yes, you can run as many antispyware programs, as you want. You ran ONLY ONE, antivirus, and firewall.

Separately is fine...Anti-Virus apps have the most problems with banging heads...this isn't true in your current protection package.
Personally I didn't like Tea-Timer very early on and have never used it since.

Me neither.

Have re-installed Spybot (without Tea Time). So far so good. No warnings or pop-ups. I feel much better now. Thanks for all your advice, you guys are AWESOME!

Szpixman

Good
4693.

Solve : I get an error message, windows cannot find 'SSCVIHOST .exe'..?

Answer»

I get an error message every time I turn on my computer. The first thing that appears at my desktop is,

SSCVIHOST.exe
windows cannot find 'SSCVIHOST .exe'. make sure you typed the name correctly, and then try again.To search for a file, click start button, and then click search.

PLEASE, anyone.. I'm begging you, please help remove this error message? Here is the scan logged at my computer.

[saving space - attachment deleted by admin]

Double post. Disregard.

4694.

Solve : Spyware Blaster 3.5.1 vs. FireFox?

Answer»

Every time I try to enable protection for FireFox, Spyware Blaster will crash !!!

I tried reinstalling version 3.5.1, it was no help.

Is there a fix

I can see here:
http://www.wilderssecurity.com/showthread.php?p=1127948
that your problem was partially solved, and after your last post there, some new advice was posted.

Broni,

Thanks for response, I had given up on the Wilder Forum. Was looking for a new version of Spyware Blaster.

By the way, are you the Broni of Smart Computing "fame" ?

http://www.smartcomputing.com/QABoard/QAMain.aspx?search=fq&fqid=224135&lnqs=ns&kwds=RWK&qapg=1&guid=3f0a96dc87ee466dbbea281a196ae725

Yes, I'm.
I assume, you're same RWK...LOL. Nice to see you
Since famous "strike", me, and some other friends from Smartcomputing, moved on, and we started our own site at:
http://www.smartestcomputing.us.com/
If you go there, you'll find some other people, you know.

As for your question, last two posts at Wilder may help.

4695.

Solve : Slow computer again?

Answer»

I posted a hijack log on this forum many times and people say everything is fine with my computer. Lately my computer starts slow and takes a long time until it loads. Then when it loads up the programs that I start work fine, no problem there. The only problem is the boot up process anytime I boot up the computer. Is there any other program that i can use to post my computer process and startup application that are running and maybe anyone in the forum might help me solve my problem. Here is the hijack log in case :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:19 PM, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\SERVICES.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1192374632\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft EXCEL - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7845 bytes
Your HJT log is clean, however no firewall is listed. Do you use Windows firewall?

As for your computer slowness, I can't see an excessive number of startups, which could be a problem.
What are your computer specs?

Here are the specifics of my computer and by the way I use windows firewall
HP Pavilion a810n Desktop PC (AMD Athlon 64 3300+ Processor, 512 MB RAM, 160 GB Hard Drive, Dbl Layer 16X DVD+/-RW/CR-RW Drive, CD-ROM Drive)
# 2.40GHz AMD Athlon 64 3300+ processor, 256KB L2 cache, 1600MHz FSB
# 512MB PC3200 DDR SDRAM memory, expandable to 2GB
# 160GB 7200RPM Ultra DMA HDD
# 48x CD-RW, 16x double-layer DVD-RW
# Integrated SIS Mirage 2 graphics card

Get ServiWin: http://www.nirsoft.net/utils/serviwin.html
Open it, press F8 to make sure services are listed.
For easier access, you may want to print that list. For easier viewing and printing, go to View>Choose Columns, and choose the first four only.
Compare your list to BlackViper list:
http://www.blackviper.com/WinXP/servicecfg.htm
If you have any questions regarding a certain process, please post back.

4696.

Solve : virus maybe??

Answer»

this is all hjt brings up
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:46 PM, on 7/7/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1103472.exe -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0" -"http://www.andyslife.org/games/game.php?file=bugs-daffy-fb.dcr"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - STARTUP: wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\SysWOW64\CSHelper.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdd_device - Unknown owner - C:\Windows\system32\lxddcoms.exe (file missing)
O23 - Service: lxdu_device - Unknown owner - C:\Windows\system32\lxducoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

Due to the fact that you're running Vista 64 bit I am limited in the number of tools I can use. Sorry.

P2P - I see you have P2P software installed on your machine. (bittorrent,utorrent,limewire and vuze) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will ALWAYS make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

==========================================

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

:OTL

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

:COMMANDS
[resethosts]
[purity]
[clearrestorepoints]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

=========================================

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R3 - URLSearchHook: (no name) - FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

==================================

I'd like us to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
========== COMMANDS ==========
File move FAILED. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Error: Unable to interpret <[clearrestorepoints]> in the current context!

[EMPTYTEMP]

User: 12gage
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ZERO KEWL
->Temp folder emptied: 252962 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14333152 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 589 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526570 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07092010_094341

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP000000481196ED7C082D2C6D not found!

Registry entries deleted on Reboot...
hjc found and terminated:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R3 - URLSearchHook: (no name) - FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

I'll post the ESET when it's completed.....
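The triage the helper does by eye in this thread, as an added example that is not part of the original posts: a Python script that scans HijackThis entries for a loopback IE proxy and for add-on entries whose file is gone. The sample lines are copied from the log posted above; the function names and the finding labels (`loopback-proxy`, `orphaned-addon`, `verify-on-disk`, `missing-file`) are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the Vista log posted in this thread.
SAMPLE_LOG = r"""Platform: Windows Vista SP2 (WinNT 6.00.1906)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R3 - URLSearchHook: (no name) - FBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Matches "ProxyServer = 127.0.0.1:9666" and "ProxyServer = http=127.0.0.1:5577"
PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?((?:127(?:\.\d{1,3}){3}|localhost):\d+)", re.I)
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)
# Sections that register browser add-ons: search hooks, BHOs, toolbars.
ADDON_CODES = {"R3", "O2", "O3"}


@dataclass
class Finding:
    code: str   # HijackThis section code, e.g. "O2"
    kind: str   # label assigned by classify()
    note: str   # why the line was picked out
    line: str   # the original log line


def looks_64bit(log_text):
    """Heuristic: the log header does not state bitness, but paths give it away."""
    return bool(re.search(r"Program Files \(x86\)|\\SysWOW64\\", log_text, re.I))


def classify(code, body, is_64bit):
    """Return (kind, note) for an entry worth a second look, else None."""
    proxy = PROXY_RE.search(body)
    if proxy:
        return ("loopback-proxy",
                f"IE proxy points at {proxy.group(1)}; find what listens there")
    if MISSING_RE.search(body):
        # 32-bit HijackThis on 64-bit Windows sees a redirected System32, so
        # files that exist are commonly reported as missing. Check the disk.
        if is_64bit and SYSTEM32_RE.search(body):
            return ("verify-on-disk",
                    "System32 path on 64-bit Windows; likely a redirection artifact")
        if code in ADDON_CODES:
            return ("orphaned-addon", "browser add-on registered but file is gone")
        return ("missing-file", "registered file not found")
    return None


def triage(log_text):
    """Parse a HijackThis log and return the entries classify() picks out."""
    is_64bit = looks_64bit(log_text)
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, process list or blank line
        hit = classify(entry.group(1), entry.group(2), is_64bit)
        if hit:
            findings.append(Finding(entry.group(1), hit[0], hit[1], raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.code}: {f.note}\n    {f.line}")
```

A loopback proxy can also be set by legitimate local filtering software, so each finding is a prompt to check what owns the entry, not a verdict.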
4697.

Solve : Unable to update Microsoft Windows or get to Microsoft Update?

Answer»

Please help?
I've been working on a friend's computer and have exceeded my level of expertise. This computer has been anti-virus-less for several years. I have installed, updated, and run scans using McAfee Security Center, Malwarebytes' Anti-Malware, and SUPERAntiSpyware in both regular Windows mode and in Safe mode. The last set of scans were clean. Automatic update is turned on, but doesn't work. When an update is attempted manually, IE says "The page cannot be displayed".

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:56 PM, on 7/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (file missing)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100701194028.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278155706062
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {6fdf122c-f8ff-4454-a880-cd7f14bc814a} - C:\WINDOWS\default32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

--
End of file - 9774 bytes
This issue has been resolved via assistance from Microsoft. The problem was TDSS.

4698.

Solve : having a problem with Microsoft Security Essentials?

Answer»

For some unknown reason it seems to have stopped working. Usually, it automatically downloaded updates throughout every day but a few days ago I realized that I hadn't noticed the program's icon in the lower right corner of my screen for a few days time. Today I re-started my computer but still didn't see the program's icon so I opened the program's interface window and found it said it was switched off. I tried restarting it but it would start and gave an error message. I went into the control panel to try to restart it but it still wouldn't start so I uninstalled the program and reinstalled a copy I had gotten from their website today (which may be a different copy than was previously installed). Now the program still won't start, won't update. I don't understand the problem.

If it matters, I also have Online Armor program installed. I often don't know what is "safe" or not safe and so if something pops up while I'm working and I wasn't trying to open or install something then I usually block it.

My computer is a Compaq Presario laptop running Windows XP.

Quote

If it matters, I also have Online Armor program installed. I often don't know what is "safe" or not safe and so if something pops up while I'm working and I wasn't trying to open or install something then I usually block it.
You don't have to be on-line for your computer to be getting updates on a lot of different programs. Is it possible that you're blocking the updates? Have you added any security programs lately that would conflict with MSE?

Thanks for your reply. I think I might have fixed the problem. I turned off the Online Armor and then was able to turn on and update Microsoft Security Essentials. I guess there must have been a conflict with Online Armor that it wasn't letting the other program operate properly.

4699.

Solve : AV Security Suite + can't run programs?

Answer»

Thanks. It will take me a while to run these various scans of course, just one question in the meantime though: when should I reboot back to normal mode? I'm still in safe mode right now.

Try MBAM in Normal Mode, at least.

OK, ran all of the scans and back in normal mode now. No sign of any trouble so far, everything on the system appears to be working fine. Here are the logs; as you'll notice, MBAM found some malware but SAS and ESET came up totally clean after that (except for a bunch of tracking cookies that SAS found).



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4297

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

7/9/2010 5:01:31 PM
mbam-log-2010-07-09 (17-01-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 255999
Time elapsed: 23 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vsmrlpvy (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2010 at 05:32 PM

Application Version : 4.40.1002

Core Rules Database Version : 5178
Trace Rules Database Version: 2990

Scan type : Complete Scan
Total Scan Time : 00:19:27

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 13382
Registry threats detected : 0
File items scanned : 29876
File threats detected : 684

Adware.Tracking Cookie
www.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
ads.crakmedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.statcounter.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.pornhub.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.pornhub.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.pornhub.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.realmedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
*Blocked Russian URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adxpansion.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.hardsextube.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
adserver.hardsextube.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.hardsextube.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.hardsextube.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.hardsextube.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.hardsextube.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.yieldmanager.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.clicksor.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.clicksor.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.clicksor.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.statcounter.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adecn.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.interclick.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.zedo.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.statcounter.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.naiadsystems.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.naiadsystems.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www5.addfreestats.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adtech.de [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.burstbeacon.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www3.addfreestats.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.fastclick.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.zedo.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.specificclick.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.specificclick.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revenue.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
*Blocked Russian URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.oasn04.247realmedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.trvlnet.adbureau.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.traveladvertising.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
stats.bootsnall.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
advertising.sheknows.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revsci.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.funnysexy.ph [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.funnysexy.ph [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.openstat.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
*Blocked Russian URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adbrite.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.crackle.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.crackle.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.crackle.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.crackle.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.crackle.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.chicagosuntimes.122.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.zedo.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.legolas-media.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revsci.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adcentriconline.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.advertising.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revsci.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.media.photobucket.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
dd.snobglobalmedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
googleads.g.doubleclick.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.daringsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.daringsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.daringsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.zedo.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.zedo.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.foxinteractivemedia.122.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
citi.bridgetrack.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.a1.interclick.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.interclick.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
adserver.uproxx.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
adserver.uproxx.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.collective-media.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.collective-media.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.gosexpod.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.gosexpod.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
media.mtvnservices.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.www.burstnet.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
breakmedia.checkm8.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
breakmedia.checkm8.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
breakmedia.checkm8.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
breakmedia.checkm8.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
breakmedia.checkm8.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
breakmedia.checkm8.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
click.orgycash.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adbrite.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
adprotraffic.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revsci.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revsci.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.viavh1video.112.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.viacom.adbureau.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ehg-ctv.hitbox.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ehg-ctv.hitbox.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ehg-ctv.hitbox.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ctv.122.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revsci.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.intermundomedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.intermundomedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.intermundomedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
gr.burstnet.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
www.burstnet.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.myroitracking.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
o.k.i.cltomedia.info [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.cltomedia.info [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
cltomedia.info [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adserving.contextualmarketplace.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adserving.contextualmarketplace.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.ru4.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revsci.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adlegend.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adlegend.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.realmedia.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.revsci.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.*adult URL* [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.pornaccess.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.pornaccess.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.pornaccess.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.alphaporno.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.alphaporno.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.youporn.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.youporn.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.youporn.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.youporn.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
ads.youporn.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
ad.youporn.videobox.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.youporn.videobox.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.webstat.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.webstat.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.facebookofsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.facebookofsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.facebookofsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.facebookofsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.facebookofsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.facebookofsex.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adinterax.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.adinterax.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.zedo.com [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
.timeinc.122.2o7.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
refinery.rotator.hadj7.adjuggler.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\amu31l9y.default\cookies.sqlite ]
refinery.rotator.hadj7.adjuggler.net [ C:\Users\owner\AppData\Roaming\Mozilla\Firefox\
[CONTINUED; disregard last line of post immediately above, as it got cut off]




[emailprotected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=207dd9924351d844971109b3ae844599
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-09 10:06:01
# local_time=2010-07-09 06:06:01 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3588 16777214 100 91 5351976 26864178 0 0
# compatibility_mode=5893 16776574 100 94 17628604 30255142 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=143921
# found=0
# cleaned=0
# scan_time=1469
Are the issues still plaguing your computer?

Or shall we clean up our tools?

Can I jump in and ask a question? I am trying to help my sister with the same issue, but she cannot even get her browser to work to download all these programs and fixes you suggest? So how does she get around this when she gets the same message when she tries the internet?

Still no signs of trouble Jay, let's do whatever needs to be done to finish up.

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.4
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 15
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 9.3.3
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.


Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware
  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
See this page for more info about malware and prevention.

OK, I guess we're done (just in time, today was my last day to get this fixed). Thanks again for all your help!

You're welcome.
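The HOSTS-file redirection mentioned in the advice above, as an added example that is not part of the original thread: it parses HOSTS-format text and shows that an entry covers only the exact hostname listed, so a subdomain of a blocked name still resolves normally. The sample entries, the `.test` hostnames, the function names and the first-entry-wins rule are assumptions made for illustration, not content from hpHosts.

```python
# Added example: which hostnames does a HOSTS-format block list actually cover?
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost"}  # legitimately mapped to loopback, not a block entry

# Constructed sample; these entries are not taken from the hpHosts list.
SAMPLE_HOSTS = """\
# constructed sample block list
127.0.0.1   localhost
127.0.0.1   ads.example.test tracker.example.test   # two names on one line
0.0.0.0     Banner.Example.TEST
192.0.2.10  intranet.example.test
127.0.0.1
"""


def normalise(hostname):
    """Hostnames compare case-insensitively; drop a trailing root dot."""
    return hostname.lower().rstrip(".")


def parse_hosts(text):
    """Return {hostname: address} for every usable entry in HOSTS-format text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no hostname
        address, names = fields[0], fields[1:]
        for name in names:
            # Assumption: keep the first entry seen for a given name.
            entries.setdefault(normalise(name), address)
    return entries


def is_sinkholed(hostname, entries):
    """True only if this exact hostname is redirected to a loopback/null address."""
    name = normalise(hostname)
    if name in LOCAL_NAMES:
        return False
    return entries.get(name) in SINKHOLE_ADDRESSES


def unblocked(hostnames, entries):
    """Hostnames from the input that the block list does not cover."""
    return [h for h in hostnames if not is_sinkholed(h, entries)]


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.test", "cdn.ads.example.test", "example.test"):
        print(host, "blocked" if is_sinkholed(host, table) else "NOT blocked")
```

Because matching is exact, a block list only helps against the hostnames it lists, which is why such lists need regular updates.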
4700.

Solve : Comcast log in page?

Answer»

I have a laptop that I use to surf the web occasionally and I do so by pinging off a public site. One day I woke up and "Comcast" log in for customers or technicians was the only thing my computer will display. To make it weirder, I don't have Comcast. I tried to restore and I got the IE cannot display web and then just like magic poof there is the Comcast log in page and it will not go away. Any suggestions? I believe I have IE7 and Windows XP. Please help.