cmdservice and SmitFraud-C. cant be removed from Spybot! HELP!



leemwoo
2006-09-29, 02:43
When I run Windows, there's some hidden program running in the background, so for like the first 10 minutes after Windows is loaded, I can't use any program or folder. Ran Spybot and these 3 files, I can't delete.

I've searched out this forum from google with regards to these two problems and it seems to be quite dangerous. Can someone help me? I will post my HJT log. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 10:36:46 AM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Matlab6p1\webserver\bin\win32\matlabserver.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netspace Usage Grabber\NetspaceGrab.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BearShare\BearShare.exe
C:\Documents and Settings\lim wu\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {A1AA9DF0-0D69-0697-1401-57F07DBD6094} - C:\WINDOWS\system32\alujwgjl.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Netspace Usage Grabber.lnk = C:\Program Files\Netspace Usage Grabber\NetspaceGrab.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled
O4 - Global Startup: iTouch Configuration.lnk = C:\Program Files\Logitech\iTouch\iTouchcf.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Matlab6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

pskelley
2006-09-30, 14:26
Hello and welcome to the forum, sorry for the wait, logs are many and volunteers are few. If you still need help and are not receiving it at another forum, please do this.

1) You are running two antivirus programs at the same time: Grisoft\AVGFRE and NOD32 Antivirus System, this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly. Uninstall one, update the one you keep and run a complete system scan, post for me any item that can't be removed, the complete name and pathway.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html

2) I suggest you uninstall this program: BearShare see this information: http://www.castlecops.com/s388-bearshare_exe.html

3) We may be dealing with a Smitfraud infection, this tool will tell us: Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

4) Complete the above instructions and post the results of SmitfraudFix "Search" and a new HJT log. Add any comments you think will help.

Thanks

leemwoo
2006-10-01, 02:53
hi pskelley,

Scan performed at: 10/1/2006 3:05:30 AM
Scanning Log
NOD32 version 1.1784 (20060929) NT
Operating memory - is OK

Date: 1.10.2006 Time: 03:05:42
Scanned disks, folders and files: C:; D:; E:; F:; G:
C:\hiberfil.sys - error opening (File locked) [4]
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\lim wu\Desktop\SmitfraudFix.zip »ZIP »SmitfraudFix/Process.exe - Win32/PrcView application
C:\Documents and Settings\lim wu\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\lim wu\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\lim wu\Local Settings\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\Cache\633285D9d01 »ZIP »SmitfraudFix/Process.exe - Win32/PrcView application
C:\Documents and Settings\lim wu\Local Settings\Temp\sa54.exe »NSIS »Spy-Quake2.exe - Win32/Adware.SpywareQuake application
C:\Documents and Settings\lim wu\Local Settings\Temp\Temporary Internet Files\Content.IE5\816FG1Y7\anti4[1].exe - a variant of Win32/TrojanDownloader.ConHook trojan
C:\Documents and Settings\lim wu\Local Settings\Temporary Internet Files\Content.IE5\OLKXINWH\SysProtectScannerInstall[1].cab »CAB »USYP_0002_N91M1708NetInstaller.exe - probably a variant of Win32/Adware.WinFixer application
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »Ad-Aware SE Default.skn - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »arrow1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »arrow2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bck1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt11.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt12.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt13.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt21.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt22.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt23.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt31.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt32.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt33.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt41.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt42.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt43.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt51.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt52.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt53.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt61.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »bt62.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »checkbox1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »checkbox2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »checkbox3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »checkbox4.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »defbtn1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »defbtn2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »defbtn3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph4.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph5.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph6.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph7.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »main.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »preview.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »sprite1.bmp - error - password-protected file
C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
C:\WINDOWS\SoftwareDistribution\EventCache\{2618FA41-399B-44D1-A192-C9D41E9CBA3A}.bin - error opening (File locked) [4]
C:\WINDOWS\SoftwareDistribution\EventCache\{FD44E2C8-829D-45F2-A926-8604BC91FBF8}.bin - error opening (File locked) [4]
C:\WINDOWS\system32\hggfedd.dll - a variant of Win32/TrojanDownloader.ConHook trojan
C:\WINDOWS\system32\config\default - error opening (File locked) [4]
C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\software - error opening (File locked) [4]
C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\system - error opening (File locked) [4]
C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]
D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »Ad-Aware SE Default.skn - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »arrow1.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »arrow2.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bck1.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt11.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt12.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt13.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt21.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt22.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt23.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt31.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt32.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt33.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt41.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt42.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt43.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt51.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt52.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt53.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt61.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »bt62.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »checkbox1.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »checkbox2.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »checkbox3.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »checkbox4.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »defbtn1.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »defbtn2.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »defbtn3.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph1.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph2.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph3.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph4.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph5.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph6.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »glyph7.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »main.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »preview.bmp - error - password-protected file
E:\My Stuff\aawsepersonal.exe »WISE »Ad-Aware SE default.ask »ZIP »sprite1.bmp - error - password-protected file
E:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
E:\System Volume Information\_restore{FA296778-132F-449F-868F-57E9E92378DA}\RP62\A0003885.EXE »WISE »fsg.exe - Win32/Adware.Gator.Trickler application
F:\RECYCLER\NPROTECT\00000000.exe - error opening (Access denied) [4]
F:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
G:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
Number of scanned files: 378815
Number of threats found: 7
Number of files cleaned: 2
Number of active threats: 5
Time of completion: 10:01:17 Total scanning time: 24935 sec (06:55:35)

Notes:
[4] File cannot be opened. It may be in use by another application or operating system.

That's my scan log. The ones I put in bold are the ones that couldn't be removed.

Also, the process.exe file in the SmitFraudFix was quarantined by NOD32. I can't run the cmd file without it. How do I fix that? Tried to turn off NOD32 and unzip the files but process.exe won't turn up.

I have another problem I forgot to mention, is that whenever I run my browser (ie Firefox), a pop up comes up, and it is some anti virus ad, Win Anti Virus 2006, I think. Bloody irritating.

By the way, I deleted bearshare.

Just need to run SmitFraudFix. =*(
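Added example, not part of the original thread or any poster's words: one way to separate the real detections in a NOD32 log like the one above from the "error opening" and "password-protected" noise, and to check the result against the log's own summary line. The sample is an excerpt of the posted log with the summary count adjusted to fit the excerpt; the function names and the regular expressions are assumptions about the line format as it appears in this post.

```python
import re
from collections import defaultdict

# Excerpt of the NOD32 log posted above. The summary line is adjusted to match
# this shortened excerpt (constructed sample, not the full log).
SAMPLE_LOG = r"""
C:\hiberfil.sys - error opening (File locked) [4]
C:\Documents and Settings\lim wu\Desktop\SmitfraudFix.zip »ZIP »SmitfraudFix/Process.exe - Win32/PrcView application
C:\Documents and Settings\lim wu\Local Settings\Temp\sa54.exe »NSIS »Spy-Quake2.exe - Win32/Adware.SpywareQuake application
C:\Documents and Settings\lim wu\Local Settings\Temporary Internet Files\Content.IE5\OLKXINWH\SysProtectScannerInstall[1].cab »CAB »USYP_0002_N91M1708NetInstaller.exe - probably a variant of Win32/Adware.WinFixer application
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »arrow1.bmp - error - password-protected file
C:\WINDOWS\system32\hggfedd.dll - a variant of Win32/TrojanDownloader.ConHook trojan
E:\System Volume Information\_restore{FA296778-132F-449F-868F-57E9E92378DA}\RP62\A0003885.EXE »WISE »fsg.exe - Win32/Adware.Gator.Trickler application
F:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
Number of threats found: 5
"""

# "<drive path, optionally followed by »TYPE »member ...> - <result>"
# Assumption: the scanned path itself contains no " - " sequence.
LINE_RE = re.compile(r"^(?P<target>[A-Za-z]:\\.*?) - (?P<result>.*)$")
# "[probably] [a variant of] <Platform/Name> <kind>", e.g. "... ConHook trojan"
THREAT_RE = re.compile(
    r"(?P<qualifier>probably a variant of |a variant of )?"
    r"(?P<name>\S+/\S+) (?P<kind>\w+)"
)
SUMMARY_RE = re.compile(r"^Number of threats found: (\d+)$")


def parse_scan_log(text):
    """Return (detections, scan_errors, reported_threat_count)."""
    detections, errors, reported = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        summary = SUMMARY_RE.match(line)
        if summary:
            reported = int(summary.group(1))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, notes, blank lines
        # "»" separates the file on disk from the archive members inside it.
        chain = [part.strip() for part in m.group("target").split("»")]
        result = m.group("result")
        if result.startswith("error"):
            # Locked, access-denied or password-protected: not a detection.
            errors.append((chain[0], result))
            continue
        threat = THREAT_RE.fullmatch(result)
        if threat:
            detections.append({
                "file": chain[0],  # the object that exists on disk
                "member": chain[-1] if len(chain) > 1 else None,
                "threat": threat.group("name"),
                "kind": threat.group("kind"),
                "exact": threat.group("qualifier") is None,
            })
    return detections, errors, reported


def triage(detections):
    """Group on-disk files by detection kind (e.g. 'trojan', 'application')."""
    by_kind = defaultdict(set)
    for d in detections:
        by_kind[d["kind"]].add(d["file"])
    return {kind: sorted(files) for kind, files in by_kind.items()}


if __name__ == "__main__":
    dets, errs, reported = parse_scan_log(SAMPLE_LOG)
    print(f"{len(dets)} detections, {len(errs)} unreadable files, "
          f"summary says {reported}")
    for kind, files in triage(dets).items():
        print(kind)
        for f in files:
            print("   ", f)
```

Grouping by kind puts the `trojan` entry ahead of the `application` entries, which include the SmitfraudFix tool's own Process.exe discussed in the note earlier in the thread.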

pskelley
2006-10-01, 10:49
Thanks for returning that information. You probably have a Vundo infection, and we will get to it as soon as possible. I need to see the information I requested before I can proceed.

4) Complete the above instructions and post the results of SmitfraudFix "Search" and a new HJT log. Add any comments you think will help.


Also, the process.exe file in the SmitFraudFix was quarantined by NOD32. I can't run the cmd file without it. How do I fix that? Tried to turn off NOD32 and unzip the files but process.exe won't turn up.
We need to run that program, turn off your antivirus program when you download it, follow the instructions for Smitfraudfix, and then turn your antivirus program back on. If you have to, contact the tech folks at NOD32 and ask them how to do it. If you are infected, we need the tool to clean the infection also. Seems NOD32 is not going to clean it for you!!

Thanks

leemwoo
2006-10-01, 14:14
Uninstalled NOD32 and got SmitFraudFix to work! =) Here's the log.

SmitFraudFix v2.103

Scan done at 22:13:28.65, Sun 10/01/2006
Run from D:\sff\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\keyboard1.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lim wu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lim wu\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LIMWU~1\FAVORI~1

C:\DOCUME~1\LIMWU~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

leemwoo
2006-10-01, 14:15
New HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 10:15:25 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Matlab6p1\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Netspace Usage Grabber\NetspaceGrab.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {A1AA9DF0-0D69-0697-1401-57F07DBD6094} - C:\WINDOWS\system32\alujwgjl.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Netspace Usage Grabber.lnk = C:\Program Files\Netspace Usage Grabber\NetspaceGrab.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled
O4 - Global Startup: iTouch Configuration.lnk = C:\Program Files\Logitech\iTouch\iTouchcf.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Matlab6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

pskelley
2006-10-01, 15:32
OK, good job, you can see the tool found the infection. Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.
Just do not run the "search" function again, you know it is there. Complete all of the rest of the instructions.

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

I want you to return here: C:\HijackThis\HijackThis.exe before you post the next HJT log. Rename HJT to say MyFix.exe or something similar, then restart the computer and scan for the new log. If the Vundo infection is there you will be able to see it in BHO's and in the 020 Winlogon.

Thanks...pskelley
Safer Networking Forums

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/
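
The check described in the post above (look at the BHO and O20 Winlogon lines of the next HJT log), as an added example that is not part of the original thread. It parses HijackThis 1.99.1 lines and lists the O2 and O20 entries; the sample log is constructed, and the rule that a DLL registered in both sections deserves a closer look is an assumption of this example, not something the helper stated.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 1.99.1 line format. The DLL names and
# CLSIDs are invented for illustration and are not taken from this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\exampleaa.dll
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\ExampleReader\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: exampleaa - C:\WINDOWS\system32\EXAMPLEAA.dll
O20 - Winlogon Notify: examplebb - C:\WINDOWS\system32\examplebb.dll (file missing)
O21 - SSODL: examplecc - {00000000-0000-0000-0000-000000000003} - (no file)
"""

# An entry line starts with its section code, e.g. "O2 - " or "R3 - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.+)$")
# HijackThis appends one of these when the referenced file is not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; header lines and the
    process list do not match ENTRY_RE and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        # Fields are separated by " - "; the last field is the target file.
        # (A path that itself contains " - " would be split here.)
        fields = match.group("rest").split(" - ")
        target = fields[-1].strip()
        missing = target.endswith(MISSING_MARKERS)
        for marker in MISSING_MARKERS:
            if target.endswith(marker):
                target = target[: -len(marker)].strip()
        entries.append({
            "section": match.group("section"),
            "label": fields[0].strip(),
            "path": target or None,   # None when the line only says "(no file)"
            "missing": missing,
            "raw": line,
        })
    return entries


def bho_and_winlogon_entries(entries):
    """The two sections the helper asks the user to look at."""
    return [e for e in entries if e["section"] in ("O2", "O20")]


def dlls_in_both_sections(entries):
    """Paths registered both as a BHO (O2) and as a Winlogon Notify (O20).
    Windows paths are case-insensitive, so compare them lower-cased."""
    seen = defaultdict(set)
    for e in bho_and_winlogon_entries(entries):
        if e["path"]:
            seen[e["path"].lower()].add(e["section"])
    return sorted(p for p, sections in seen.items() if sections == {"O2", "O20"})


def entries_with_missing_file(entries):
    """Registry entries that still point at a file that is no longer there."""
    return [e for e in entries if e["missing"]]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("O2 / O20 entries to review:")
    for e in bho_and_winlogon_entries(parsed):
        print("  ", e["raw"])
    print("Registered in both O2 and O20:")
    for path in dlls_in_both_sections(parsed):
        print("  ", path)
    print("Entries whose file is missing:")
    for e in entries_with_missing_file(parsed):
        print("  ", e["raw"])
```
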

leemwoo
2006-10-02, 05:07
I seem to have a problem running safe mode on my computer. Somehow when I log in, the screen is just black, and this pop-up comes up, asking for System Restore, and it goes away, and after that, nothing comes up. Just a black screen, with the 4 corners written safe mode and Microsoft Windows XP on the top.

I've waited for quite some time and I can't seem to get into my computer in safe mode. =(

leemwoo
2006-10-02, 05:28
Is it possible to do all those things without safe mode?

pskelley
2006-10-02, 11:30
The tools will do a much better job of cleaning your computer if they are run in safe mode, when the junk is not running. Here are more instructions for accessing safe mode:
http://www.bleepingcomputer.com/tutorials/tutorial61.html
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true

This is your computer's diagnostic mode, and you should be able to access it anytime you need to. I do all of my maintenance in safe mode. If you absolutely cannot boot to safe mode once you have reviewed the information I have just posted, then try it in normal mode to see what happens.

Thanks

leemwoo
2006-10-02, 15:40
OK, I'm back. Managed to run safe mode (with networking). Ran all the stuff from the other thread. Here are the logs.

Rapport.txt:
SmitFraudFix v2.103

Scan done at 22:45:08.84, Mon 10/02/2006
Run from C:\Documents and Settings\lim wu\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\keyboard1.dat Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\LIMWU~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

leemwoo
2006-10-02, 15:42
Ewido log:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:20:16 PM 10/2/2006

+ Scan result:



C:\WINDOWS\system32\rgh16e09.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer -> Adware.Look2Me : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ѕуstem32\spoolsv.exe -> Downloader.PurityScan.cx : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.260:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.261:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.263:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.264:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.276:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.279:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.282:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.283:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.284:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.285:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.286:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.287:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.288:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.315:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.316:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.318:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.437:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.733:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.767:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.824:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\lim wu\Cookies\lim wu@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.202:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.203:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.693:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.851:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\lim wu\Cookies\lim wu@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.482:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.483:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.484:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.485:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.486:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.488:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.344:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.345:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.271:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.272:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.273:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.274:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.275:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.297:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.663:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.664:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.68:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.754:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.115:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.167:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.788:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.744:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.745:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.746:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.747:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\lim wu\Local Settings\Temp\Cookies\lim wu@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.62:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.295:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.296:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.348:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.349:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.432:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.45:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.46:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.47:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

leemwoo
2006-10-02, 15:43
:mozilla.522:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.650:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.651:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.681:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.682:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.683:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.684:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.685:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.686:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.687:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.688:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.689:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.690:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.691:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.694:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.695:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.724:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.725:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.833:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.847:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.860:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.861:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.862:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.863:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.864:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.865:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.866:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.867:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.868:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.870:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.897:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.578:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.579:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.136:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.137:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.138:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.139:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.140:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.141:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.359:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.360:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.361:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.204:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.205:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.206:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.207:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.208:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.209:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.210:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.768:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.763:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.764:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.463:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.530:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.766:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.102:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.103:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.104:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.105:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.106:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.108:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.109:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.110:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.111:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.112:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.338:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.399:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.614:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.720:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.721:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.722:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

leemwoo
2006-10-02, 15:43
:mozilla.723:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.839:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.840:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.841:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.842:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.813:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.169:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.170:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.107:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.656:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.212:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.213:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.214:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.215:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.54:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.55:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.56:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.57:C:\Documents and Settings\lim wu\Application Data\Mozilla\Firefox\Profiles\b5j0osw3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.


::Report end

leemwoo
2006-10-02, 15:45
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:37:03 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Matlab6p1\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Netspace Usage Grabber\NetspaceGrab.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\MyFix.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {A1AA9DF0-0D69-0697-1401-57F07DBD6094} - C:\WINDOWS\system32\alujwgjl.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {A7060339-5F0E-4580-A551-CC9F46B3C42F} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\okftjknw.dll (file missing)
O2 - BHO: (no name) - {F58BB1BB-90C1-49DC-9D89-6F14FCE01907} - C:\WINDOWS\system32\urspp.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Netspace Usage Grabber.lnk = C:\Program Files\Netspace Usage Grabber\NetspaceGrab.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled
O4 - Global Startup: iTouch Configuration.lnk = C:\Program Files\Logitech\iTouch\iTouchcf.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: urspp - C:\WINDOWS\system32\urspp.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Matlab6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

leemwoo
2006-10-02, 15:46
Hope you can help me. Anyway, the stupid WinAntiVirus2006 still pops up when I open my Firefox.

Plus Spybot couldn't remove cmdService when I ran it during safe mode. The registry's in CurrentControlSet and ControlSet001.

What to do next?

pskelley
2006-10-02, 17:10
Thanks for returning your information. Let me say first that you are storing a load of cookies you do not need to store; this information will help you:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
Just remember a few cookies are necessary for passwords at some sites and banking, etc., so you have to allow for some.

command.exe is Spybot reporting something left in the registry from a removal by another tool (probably Ad-aware). It is not a problem, and we will do that last.

We can see the Vundo trojan now, this is it:
O2 - BHO: (no name) - {F58BB1BB-90C1-49DC-9D89-6F14FCE01907} - C:\WINDOWS\system32\urspp.dll
O20 - Winlogon Notify: urspp - C:\WINDOWS\system32\urspp.dll
Understand that the fix we are going to use may not recognize the bad file the first time and it may take several runs of the tool to remove it. You will see when it says it has been able to delete all files it located. If it can't find that file the first time, it would help others if you would upload the file; the link and instructions are posted. I am going to post the instructions for the balance of the junk, just make sure Vundo has been deleted before you move to those instructions.

Thanks to Atribune and any others who helped with this fix.

1) Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com
______________________________________________________________

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(some may be gone, just don't miss any)

R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {A1AA9DF0-0D69-0697-1401-57F07DBD6094} - C:\WINDOWS\system32\alujwgjl.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {A7060339-5F0E-4580-A551-CC9F46B3C42F} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\okftjknw.dll (file missing)
O2 - BHO: (no name) - {F58BB1BB-90C1-49DC-9D89-6F14FCE01907} - C:\WINDOWS\system32\urspp.dll
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: urspp - C:\WINDOWS\system32\urspp.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

(may be gone, just check to make sure)

C:\WINDOWS\system32\urspp.dll <<< delete that file

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the results of Vundofix, a new HJT log and let me know how the computer is running now.

Thanks...Phil

I believe your Java program needs an update, that is a security issue, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< out of date?
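
The correlation made in the post above (one DLL registered both as an O2 Browser Helper Object and as an O20 Winlogon Notify entry), together with a listing of the entries HijackThis marks as orphaned, as an added Python example that is not part of the original thread or of HijackThis. The function names are hypothetical, and the sample lines are copied from the HijackThis log posted in this thread on 2006-10-02.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in the thread, embedded so this runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A1AA9DF0-0D69-0697-1401-57F07DBD6094} - C:\WINDOWS\system32\alujwgjl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {A7060339-5F0E-4580-A551-CC9F46B3C42F} - (no file)
O2 - BHO: (no name) - {F58BB1BB-90C1-49DC-9D89-6F14FCE01907} - C:\WINDOWS\system32\urspp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: urspp - C:\WINDOWS\system32\urspp.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\hpdj.exe (file missing)
"""

# "<section code> - <description>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in .dll/.exe; spaces are allowed, quotes are not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:dll|exe)(?![A-Za-z0-9])',
                     re.IGNORECASE)
# HijackThis appends one of these when the registry entry points at nothing.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Sections compared here: both cause a DLL to be loaded without user action.
AUTOLOAD_CODES = {"O2": "Browser Helper Object", "O20": "Winlogon Notify"}


def parse_entries(log_text):
    """Return one dict per log entry; headers and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        path = PATH_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            # Windows paths are case-insensitive, so normalise for comparison.
            "path": path.group(0).lower() if path else None,
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def multi_hook_dlls(entries):
    """DLLs present on disk that are registered in more than one autoload section."""
    hooks = defaultdict(set)
    for e in entries:
        if e["code"] in AUTOLOAD_CODES and e["path"] and not e["orphan"]:
            hooks[e["path"]].add(e["code"])
    return {p: sorted(codes) for p, codes in hooks.items() if len(codes) > 1}


def orphaned_entries(entries):
    """Entries whose target is gone: leftovers to fix in HijackThis, not live files."""
    return [(e["code"], e["path"]) for e in entries if e["orphan"]]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for dll, codes in multi_hook_dlls(parsed).items():
        names = ", ".join(AUTOLOAD_CODES[c] for c in codes)
        print(f"review: {dll} is registered as {names}")
    for code, path in orphaned_entries(parsed):
        print(f"orphan: {code} -> {path or '(no path recorded)'}")
```

A hit from `multi_hook_dlls` is a reason to look at the file, not a verdict: the Spybot SDHelper.dll entry in the same log is a legitimate O2 entry and is not flagged because it appears in only one section.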

leemwoo
2006-10-03, 02:27
Done all those. Here's my VundoFix and HJT Logs.

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 10:00:58 AM 10/3/2006

Listing files found while scanning....

C:\WINDOWS\system32\urspp.dll
C:\WINDOWS\system32\ppsru.ini
C:\WINDOWS\system32\ppsru.bak1
C:\WINDOWS\system32\ppsru.bak2
C:\WINDOWS\system32\ppsru.ini2
C:\WINDOWS\system32\ppsru.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urspp.dll
C:\WINDOWS\system32\urspp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ppsru.ini
C:\WINDOWS\system32\ppsru.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppsru.bak1
C:\WINDOWS\system32\ppsru.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppsru.bak2
C:\WINDOWS\system32\ppsru.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppsru.ini2
C:\WINDOWS\system32\ppsru.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ppsru.tmp
C:\WINDOWS\system32\ppsru.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 10:06:02 AM 10/3/2006

Listing files found while scanning....

C:\WINDOWS\system32\urspp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urspp.dll
C:\WINDOWS\system32\urspp.dll Has been deleted!

Performing Repairs to the registry.
Done!

leemwoo
2006-10-03, 02:28
Logfile of HijackThis v1.99.1
Scan saved at 10:26:27 AM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Matlab6p1\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Netspace Usage Grabber\NetspaceGrab.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\HijackThis\MyFix.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Netspace Usage Grabber.lnk = C:\Program Files\Netspace Usage Grabber\NetspaceGrab.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: AutoCAD Startup Accelerator.lnk.disabled
O4 - Global Startup: iTouch Configuration.lnk = C:\Program Files\Logitech\iTouch\iTouchcf.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1D48A0CC-D4A2-4224-BA75-CE0680BB4B0E}: NameServer = 192.168.1.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\LIMWU~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Matlab6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

leemwoo
2006-10-03, 02:37
Hope my computer is clean now. Computer startup is ok, just that I can't run Firefox straight away though. The cursor changes to the one with a clock next to it, so when I click on Firefox it lags for about 30s before Firefox comes out. Other than that, I think everything is running smoothly now. =)

Regarding the ATF Cleaner, do I have to run it with every scan or something? Plus, if I have spybot now, do I still need adaware? Also, which antivirus program do you recommend since I deleted mine now for the time being.

Let me know if the logs show you any more problems. Hope that's it! =) No popups now by the way.

Thanks a bunch!

pskelley
2006-10-03, 02:43
Great job of following those complex instructions :bigthumb: Your HJT log looks good, how is the computer running now?
________________________________________________________________

Please download and unzip Ren-cmdservice to your Desktop.
It will only work correctly if the folder is placed on your Desktop and extracted!
http://www.bleepingcomputer.com/files/lonny/ren-cmdservice.zip

Open the ren-cmdservice folder by double-clicking it and then double-click the
ren-cmdservice.bat file to run the program.
A text will open when it is finished. Post it please.
Then restart the PC, run Spybot, and check for and fix any problems found.
_________________________________________________________________

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

If all is running well, then safe surfing...tashi:) will close your topic in a few days.

Thanks...pskelley

pskelley
2006-10-03, 02:49
I just posted links for you from experts, if your answers are not in there, let me know.

Check to see if Firefox needs an update, or look here:
http://www.mozilla.org/support/

Thanks

leemwoo
2006-10-03, 05:38
ren-cmdservice log:

Running from C:\Documents and Settings\lim wu\Desktop\ren-cmdservice
No Image Path Listed in Registry

-----------------
Deleting cmdservice key
cmdservice key deleted
..
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman © 2005
-----------------
Finised, Post this text then
Please Restart your PC
ren-cmdservice.bat edited 6-25-2006
-----------------

pskelley
2006-10-03, 12:28
Looks good:bigthumb: tashi:) can close the topic when time permits.

Thanks

leemwoo
2006-10-04, 03:06
Thanks a bunch for your help dude! Cheers!

LonnyRJones
2006-10-09, 08:46
I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).