Need to repair internet every 30 min

Status
Not open for further replies.
N

Naratov

New member
I continually have to repair my internet about every 30 minutes. I have checked all my internet settings, and they all seem to be okay. Also, I can't view my C drive. My computer also seems to run a lot slower than it should.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58 AM, on 10/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6580 bytes
 
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.
Click to expand...
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
 
info.txt:

info.txt logfile of random's system information tool 1.04 2008-10-23 12:49:28

======Uninstall list======

-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BitDefender Internet Security 2008-->MsiExec.exe /I{BF7D87C5-CFC3-40C5-A367-24586EEBB8CA}
CyberPower Audio Editing Lab 12.9-->"C:\Program Files\CyberPower Audio Editing Lab\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Linksys Wireless-N USB Network Adapter WUSB300N-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}\setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Age of Empires-->C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (2.0.0.17)-->K:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\uninstall\helper.exe
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickBooks Premier: Nonprofit Edition 2007-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="nonprofit" QBFULLNAME="QuickBooks Premier: Nonprofit Edition 2007" ADDREMOVE=1
QuickBooks Product Listing Service-->MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
RegAlyzer-->"C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Smart Budget-->MsiExec.exe /I{03219BA9-3753-4B20-B088-9082C76E16D5}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll

=====HijackThis Backups=====

O2 - BHO: (no name) - {DEEE7F12-92D7-4605-A90E-36B49D844CD7} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\yayxywt.dll (file missing)
O2 - BHO: (no name) - {4311AD61-38F5-4627-F8CE-61A396F9F0CA} - C:\WINDOWS\system32\qlf.dll (file missing)
O2 - BHO: (no name) - {9E51510C-F8BF-42DD-AEE8-E72FE0CF94DA} - C:\WINDOWS\system32\compob.dll
O2 - BHO: (no name) - {BE90A72A-31CF-174C-EA5D-4F761E3B07B0} - C:\WINDOWS\system32\itblh.dll (file missing)
O2 - BHO: (no name) - {b7f0fe74-6679-4a65-8f84-dcc3899155ff} - C:\WINDOWS\system32\xjegktl.dll (file missing)
O2 - BHO: {0dc532d5-7751-8459-6c84-d9a827e084ee} - {ee480e72-8a9d-48c6-9548-15775d235cd0} - C:\WINDOWS\system32\oebdefji.dll
O2 - BHO: (no name) - {A00D8EC8-A50C-4662-88FC-F48DAB390707} - C:\WINDOWS\system32\hjwkyepk.dll
O2 - BHO: 0 - {977DADA3-AB23-46FC-51B6-07F9B8F26610} - C:\Program Files\Internet Explorer\quja727.dll (file missing)
O2 - BHO: (no name) - {326E9696-5055-7F8E-5761-5B00BCC988CB} - C:\WINDOWS\system32\jxalxa.dll
O2 - BHO: (no name) - {9E51510C-F8BF-42DD-AEE8-E72FE0CF94DA} - C:\WINDOWS\system32\compob.dll
O2 - BHO: (no name) - {9E51510C-F8BF-42DD-AEE8-E72FE0CF94DA} - C:\WINDOWS\system32\compob.dll
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.winantispyware.com
O4 - HKCU\..\Run: [Gcp] C:\WINDOWS\system32\?ystem\s?ool32.exe
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.winfixer.com
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\thinksnet.exe
O15 - Trusted Zone: *.winantivirus.com
O4 - HKLM\..\Run: [{35-56-6E-EF-ZN}] C:\DOCUME~1\Owner\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O4 - HKCU\..\Run: [Usrr] "C:\DOCUME~1\Owner\APPLIC~1\SSEMBL~1\lsass.exe" -vt ndrv
O4 - HKLM\..\Run: [NI.UWAS6_0001_N91M1508] "C:\DOCUME~1\Chase\LOCALS~1\Temp\winaspsnet.exe" -nag
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O2 - BHO: (no name) - {9E51510C-F8BF-42DD-AEE8-E72FE0CF94DA} - C:\WINDOWS\system32\compob.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tkswyojp.exe (file missing)
O20 - Winlogon Notify: mllml - C:\WINDOWS\system32\mllml.dll (file missing)
O20 - Winlogon Notify: yayxywt - yayxywt.dll (file missing)
O2 - BHO: (no name) - {9E51510C-F8BF-42DD-AEE8-E72FE0CF94DA} - C:\WINDOWS\system32\compob.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: (no name) - {6CF0A05E-7D6B-4E00-B836-B3F23513657C} - C:\WINDOWS\system32\cbXPiGww.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O21 - SSODL: fdxbameg - {E920C2C8-7848-430B-A473-A3E5A473CDC2} - C:\WINDOWS\fdxbameg.dll
O3 - Toolbar: (no name) - {83B3FEA7-601A-4BB0-8D74-A819069A4CFA} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O2 - BHO: QXK Olive - {DACA1E5E-6969-4475-B758-986E883CF152} - C:\WINDOWS\wbxdpgfeqod.dll
O21 - SSODL: fsrpknov - {FDA8F291-401E-4B8D-B4E8-D834536F0570} - C:\WINDOWS\fsrpknov.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O21 - SSODL: fsrpknov - {4FD6C07C-F1C6-41BE-B876-59B9D9B9DF08} - C:\WINDOWS\fsrpknov.dll (file missing)
O2 - BHO: (no name) - {6CF0A05E-7D6B-4E00-B836-B3F23513657C} - C:\WINDOWS\system32\cbXPiGww.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O2 - BHO: (no name) - {9E51510C-F8BF-42DD-AEE8-E72FE0CF94DA} - C:\WINDOWS\system32\compob.dll
O2 - BHO: (no name) - {9E51510C-F8BF-42DD-AEE8-E72FE0CF94DA} - C:\WINDOWS\system32\compob.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O20 - Winlogon Notify: cbXPiGww - cbXPiGww.dll (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {9E51510C-F8BF-42DD-AEE8-E72FE0CF94DA} - (no file)

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Bitdefender Antivirus
FW: Bitdefender Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip

-----------------EOF-----------------







log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-23 12:48:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 86 GB (56%) free of 153 GB
Total RAM: 703 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48 PM, on 10/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7174 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-02-28 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-03-03 2904064]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-05-17 543232]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-03-11 135168]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-15 368640]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"nwiz"=nwiz.exe /install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-10-23 443968]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2006-11-29 968224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6CF0A05E-7D6B-4E00-B836-B3F23513657C}"= []
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\hjwkyepk.dll
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoToolbarCustomize"=1
"NoDrives"=12
"StartMenuLogoff"=1
"NoStartMenuMorePrograms"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:javaw"
"C:\WINDOWS\system32\wfikftdo.exe"="C:\WINDOWS\system32\wfi"
"C:\WINDOWS\system32\tkswyojp.exe"="C:\WINDOWS\system32\tks"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Games\Age of Empires\Empires.exe"="C:\Program Files\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Owner\Application Data\U3\0D61395161D38A27\020BD180-AF7E-413C-9635-CFA208B739AF\Exec\Xfire.exe"="C:\Documents and Settings\Owner\Application Data\U3\0D61395161D38A27\020BD180-AF7E-413C-9635-CFA208B739AF\Exec\Xfire.exe:*:Enabled:Xfire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12c4441-089b-11dc-a034-806d6172696f}]
shell\AutoRun\command - D:\aoesetup.exe
shell\dxsetup\command - D:\directx\dxsetup.exe
shell\ie30\command - D:\goodies\ie30295.exe
shell\ie30nt\command - D:\goodies\ie302nt.exe
shell\msinfo\command - D:\goodies\msinfo\msinfo32.exe
shell\setup\command - D:\aoesetup.exe


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-10-23 12:48:29 ----D---- C:\rsit
2008-10-19 09:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-18 15:19:14 ----D---- C:\WINDOWS\Prefetch
2008-10-18 12:35:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 12:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-18 12:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 12:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-18 12:35:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 12:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-18 12:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-18 12:34:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-18 12:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-18 12:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-18 12:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-18 12:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-18 12:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-18 12:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-18 12:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-18 12:33:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-18 12:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-18 12:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-18 12:13:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-15 03:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-15 03:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 03:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-15 03:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-15 03:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-15 03:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-08 21:20:08 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-08 21:20:02 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-10-08 21:18:48 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-10-08 21:18:48 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-10-08 21:18:48 ----A---- C:\WINDOWS\system32\cmd.exe
2008-10-08 21:18:48 ----A---- C:\WINDOWS\system32\cacls.exe
2008-10-08 21:18:48 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-10-08 21:18:48 ----A---- C:\WINDOWS\system32\autochk.exe
2008-10-08 21:18:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\localspl.dll
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\ftp.exe
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\format.com
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-10-08 21:18:47 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\printui.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-10-08 21:18:46 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\smss.exe
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\services.exe
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\schannel.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\savedump.exe
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\samlib.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\rasman.dll
2008-10-08 21:18:45 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-10-08 21:18:44 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-10-08 21:18:44 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-10-08 21:18:44 ----A---- C:\WINDOWS\system32\userinit.exe
2008-10-08 21:18:44 ----A---- C:\WINDOWS\system32\untfs.dll
2008-10-08 21:18:44 ----A---- C:\WINDOWS\system32\ulib.dll
2008-10-08 21:18:44 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-10-08 21:18:44 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-10-08 21:18:37 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-10-08 21:18:37 ----A---- C:\WINDOWS\system32\HAL.DLL
2008-10-08 21:18:36 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-10-08 20:11:05 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-08 19:47:12 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-10-08 19:31:09 ----D---- C:\WINDOWS\system32\scripting
2008-10-08 19:31:06 ----D---- C:\WINDOWS\l2schemas
2008-10-08 19:31:05 ----D---- C:\WINDOWS\system32\en
2008-10-08 19:31:05 ----D---- C:\Program Files\msn
2008-10-08 19:22:17 ----D---- C:\WINDOWS\network diagnostic
2008-10-08 19:17:50 ----N---- C:\WINDOWS\system32\_003799_.tmp.dll
2008-10-08 19:17:40 ----N---- C:\WINDOWS\system32\_003798_.tmp.dll
2008-10-08 19:16:20 ----N---- C:\WINDOWS\system32\_003796_.tmp.dll
2008-10-08 19:16:19 ----N---- C:\WINDOWS\system32\_003791_.tmp.dll
2008-10-08 19:16:19 ----N---- C:\WINDOWS\system32\_003790_.tmp.dll
2008-10-08 19:16:18 ----N---- C:\WINDOWS\system32\_003789_.tmp.dll
2008-10-08 19:16:18 ----N---- C:\WINDOWS\system32\_003788_.tmp.dll
2008-10-08 19:16:18 ----N---- C:\WINDOWS\system32\_003787_.tmp.dll
2008-10-08 19:16:18 ----N---- C:\WINDOWS\system32\_003784_.tmp.dll
2008-10-08 19:16:17 ----N---- C:\WINDOWS\system32\_003783_.tmp.dll
2008-10-08 19:16:17 ----N---- C:\WINDOWS\system32\_003782_.tmp.dll
2008-10-08 19:16:17 ----N---- C:\WINDOWS\system32\_003781_.tmp.dll
2008-10-08 19:16:16 ----N---- C:\WINDOWS\system32\_003779_.tmp.dll
2008-10-08 19:16:16 ----N---- C:\WINDOWS\system32\_003778_.tmp.dll
2008-10-08 19:16:16 ----N---- C:\WINDOWS\system32\_003776_.tmp.dll
2008-10-08 19:16:15 ----N---- C:\WINDOWS\system32\_003774_.tmp.dll
2008-10-08 19:16:15 ----N---- C:\WINDOWS\system32\_003773_.tmp.dll
2008-10-08 19:16:14 ----N---- C:\WINDOWS\system32\_003769_.tmp.dll
2008-10-08 19:16:14 ----N---- C:\WINDOWS\system32\_003768_.tmp.dll
2008-10-08 19:16:13 ----N---- C:\WINDOWS\system32\_003765_.tmp.dll
2008-10-08 19:16:13 ----N---- C:\WINDOWS\system32\_003763_.tmp.dll
2008-10-08 19:16:13 ----N---- C:\WINDOWS\system32\_003762_.tmp.dll
2008-10-08 19:16:13 ----N---- C:\WINDOWS\system32\_003761_.tmp.dll
2008-10-08 19:16:13 ----N---- C:\WINDOWS\system32\_003759_.tmp.dll
2008-10-08 19:16:12 ----N---- C:\WINDOWS\system32\_003758_.tmp.dll
2008-10-08 19:16:12 ----N---- C:\WINDOWS\system32\_003755_.tmp.dll
2008-10-08 19:16:12 ----N---- C:\WINDOWS\system32\_003754_.tmp.dll
2008-10-08 19:16:11 ----N---- C:\WINDOWS\system32\_003752_.tmp.dll
2008-10-08 19:16:11 ----N---- C:\WINDOWS\system32\_003751_.tmp.dll
2008-10-08 19:16:11 ----N---- C:\WINDOWS\system32\_003750_.tmp.dll
2008-10-08 19:16:09 ----N---- C:\WINDOWS\system32\_003743_.tmp.dll
2008-10-08 19:16:09 ----N---- C:\WINDOWS\system32\_003742_.tmp.dll
2008-10-08 19:16:09 ----N---- C:\WINDOWS\system32\_003741_.tmp.dll
2008-10-08 19:16:09 ----N---- C:\WINDOWS\system32\_003740_.tmp.dll
2008-10-05 13:34:54 ----A---- C:\WINDOWS\zip.exe
2008-10-05 13:34:54 ----A---- C:\WINDOWS\VFind.exe
2008-10-05 13:34:54 ----A---- C:\WINDOWS\swxcacls.exe
2008-10-05 13:34:54 ----A---- C:\WINDOWS\SWSC.exe
2008-10-05 13:34:54 ----A---- C:\WINDOWS\SWREG.exe
2008-10-05 13:34:54 ----A---- C:\WINDOWS\sed.exe
2008-10-05 13:34:54 ----A---- C:\WINDOWS\Nircmd.exe
2008-10-05 13:34:54 ----A---- C:\WINDOWS\grep.exe
2008-10-05 13:34:54 ----A---- C:\WINDOWS\fdsv.exe
2008-10-05 13:34:46 ----D---- C:\ComboFix
2008-10-05 13:34:45 ----A---- C:\WINDOWS\system32\CF9719.exe
2008-10-05 12:18:59 ----D---- C:\Program Files\Safer Networking
2008-10-05 05:44:51 ----D---- C:\WINDOWS\pss
2008-10-05 04:45:14 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-05 04:19:39 ----D---- C:\getservice
2008-10-05 00:32:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-05 00:32:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2008-10-23 12:48:33 ----D---- C:\WINDOWS\temp
2008-10-23 12:36:11 ----D---- C:\WINDOWS\system32
2008-10-23 12:10:01 ----A---- C:\test.txt
2008-10-23 11:17:33 ----SHD---- C:\WINDOWS\Installer
2008-10-23 10:10:45 ----D---- C:\Program Files\Mozilla Firefox
2008-10-22 13:36:40 ----D---- C:\Documents and Settings\Owner\Application Data\U3
2008-10-22 08:15:18 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-22 08:07:43 ----SD---- C:\WINDOWS\Tasks
2008-10-22 08:03:52 ----D---- C:\WINDOWS
2008-10-22 00:04:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-22 00:03:54 ----A---- C:\WINDOWS\bdagent.INI
2008-10-21 21:52:33 ----HD---- C:\WINDOWS\inf
2008-10-21 13:25:16 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-21 03:00:53 ----HD---- C:\Config.Msi
2008-10-19 09:55:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-19 04:47:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-18 15:23:16 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-18 15:21:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-18 15:19:34 ----A---- C:\WINDOWS\setuplog.txt
2008-10-18 15:18:40 ----D---- C:\WINDOWS\system32\Setup
2008-10-18 15:18:39 ----D---- C:\WINDOWS\system32\wbem
2008-10-18 15:18:39 ----D---- C:\WINDOWS\AppPatch
2008-10-18 15:18:37 ----RSD---- C:\WINDOWS\Fonts
2008-10-18 15:18:26 ----D---- C:\WINDOWS\system32\drivers
2008-10-18 12:39:02 ----D---- C:\WINDOWS\security
2008-10-18 12:36:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-18 12:35:48 ----A---- C:\WINDOWS\imsins.BAK
2008-10-18 12:33:25 ----D---- C:\Program Files\Messenger
2008-10-18 12:28:39 ----D---- C:\WINDOWS\WinSxS
2008-10-18 12:28:29 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-18 12:28:26 ----D---- C:\WINDOWS\ime
2008-10-18 12:28:25 ----D---- C:\WINDOWS\Help
2008-10-18 12:28:02 ----D---- C:\WINDOWS\system32\usmt
2008-10-18 12:28:02 ----D---- C:\WINDOWS\system32\en-us
2008-10-18 12:27:58 ----D---- C:\Program Files\Internet Explorer
2008-10-18 12:27:56 ----D---- C:\WINDOWS\system32\bits
2008-10-18 12:27:55 ----D---- C:\WINDOWS\peernet
2008-10-18 12:27:55 ----D---- C:\Program Files\Movie Maker
2008-10-18 12:22:43 ----D---- C:\WINDOWS\system32\Restore
2008-10-18 12:22:42 ----D---- C:\WINDOWS\system32\npp
2008-10-18 12:22:37 ----D---- C:\WINDOWS\msagent
2008-10-18 12:22:33 ----D---- C:\WINDOWS\srchasst
2008-10-18 12:22:32 ----D---- C:\Program Files\NetMeeting
2008-10-18 12:22:29 ----D---- C:\WINDOWS\system32\Com
2008-10-18 12:22:26 ----D---- C:\Program Files\Windows Media Player
2008-10-18 12:22:25 ----D---- C:\Program Files\Windows NT
2008-10-18 12:22:25 ----D---- C:\Program Files\Outlook Express
2008-10-18 12:22:20 ----D---- C:\Program Files\Common Files\System
2008-10-18 12:22:02 ----D---- C:\WINDOWS\system32\oobe
2008-10-18 12:21:58 ----D---- C:\WINDOWS\system
2008-10-18 12:17:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-18 12:11:10 ----D---- C:\WINDOWS\EHome
2008-10-15 20:54:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-09 20:58:29 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-08 20:57:55 ----D---- C:\Program Files\InterActual
2008-10-08 19:31:05 ----AD---- C:\Program Files
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-06 16:08:09 ----A---- C:\VundoFix.txt
2008-10-06 14:05:31 ----D---- C:\WINDOWS\system32\?ystem
2008-10-05 20:47:10 ----A---- C:\WINDOWS\WININIT.INI
2008-10-05 13:48:50 ----D---- C:\Program Files\A4Desk
2008-10-05 13:45:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 05:47:32 ----RASH---- C:\boot.ini
2008-10-05 05:47:32 ----A---- C:\WINDOWS\win.ini
2008-10-05 05:47:32 ----A---- C:\WINDOWS\system.ini
2008-10-05 04:45:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-05 03:20:07 ----D---- C:\Program Files\Yahoo!
2008-10-05 03:20:03 ----D---- C:\Program Files\Common Files\Scanner
2008-10-04 13:58:30 ----D---- C:\Program Files\Maxis

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-01-03 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 MRVW245;Linksys Wireless-N USB Network Adapter WUSB300N; C:\WINDOWS\system32\DRIVERS\MRVW245.sys [2006-09-29 489216]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-03 1893536]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-09-02 36864]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-09-02 312704]
R3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Alpham1;Ideazon Merc USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-03-20 42240]
S3 Alpham2;Ideazon Merc MM USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-29 36224]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-08-15 72771]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 TnIDriver;TnIDriver; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\tni131E.tmp []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-06-02 22768]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-07-02 1155072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-03-03 77824]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 QBCFMonitorService;QuickBooks Database Manager Service; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2006-11-28 20480]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-11 1261568]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-11-27 86016]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 WUSB300NSvc;WUSB300NSvc; C:\Program Files\Linksys\WUSB300N\WLService.exe [2005-07-04 53307]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-06-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-04-27 500800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe []
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-05-23 63040]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2007-05-23 99904]

-----------------EOF-----------------
 
REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

Post back a new HijackThis, so we can continue cleaning your pc.






Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:19 PM, on 10/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Application Data\U3\0D61395161D38A27\LaunchPad.exe
C:\Documents and Settings\Owner\Application Data\U3\0D61395161D38A27\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\U3Action.exe
K:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\FirefoxForU3Start.exe
K:\System\Apps\3C9F7B3F-D55C-42cd-8537-B878518B73AF\Exec\firefox\firefox.exe
C:\Documents and Settings\Owner\Application Data\U3\0D61395161D38A27\020BD180-AF7E-413C-9635-CFA208B739AF\Exec\xfire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7551 bytes






2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Shockwave Player
Apple Software Update
BitDefender Internet Security 2008
CyberPower Audio Editing Lab 12.9
HijackThis 2.0.2
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Linksys Wireless-N USB Network Adapter WUSB300N
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Age of Empires
Microsoft Office 2000 Disc 2
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Mozilla Firefox (2.0.0.17)
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Picasa 2
QuickBooks Premier: Nonprofit Edition 2007
QuickBooks Product Listing Service
RegAlyzer
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Smart Budget
Spybot - Search & Destroy
SupportSoft Assisted Service
TurboTax Deluxe 2007
Unlocker 1.8.5
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957258)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Windows Defender
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Internet Mail
 
Step 1


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 2


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
----------------------------------------------------------- -----------------------------------------------------------
Step 3




Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


----------------------------------------------------------- -----------------------------------------------------------
Step 4


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
  • ComboFix Log
  • Kaspersky Log
  • How are things running now ?
 
Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.1.2600 Service Pack 3

10/25/2008 12:16:34 PM
mbam-log-2008-10-25 (12-16-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 229204
Time elapsed: 2 hour(s), 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 4
Registry Data Items Infected: 9
Folders Infected: 8
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sqvgnrpx.btfw (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b8483a1e-e66b-44fa-a0dc-9e07093b17d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fa268283-f681-4bfd-9a05-44e642777444} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7f1b566d-5901-49f4-b02c-107f17746dc9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ExplorerWAS (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ExplorerWAS (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6cf0a05e-7d6b-4e00-b836-b3f23513657c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\b02FdUe (Malware.Folder) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\?ssembly (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080217-082456-871.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP650\A0094253.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_005900_.tmp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_005932_.tmp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\TmpRecentIcons\Antispyware-2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.






ComboFix 08-10-24.02 - Owner 2008-10-25 12:32:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.268 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\CURITY~1
C:\Documents and Settings\Owner\Application Data\ICROSO~1
C:\Documents and Settings\Owner\Application Data\MBOLS~1
C:\Documents and Settings\Owner\Application Data\SCURIT~1
C:\Documents and Settings\Owner\Application Data\SSEMBL~1
C:\Documents and Settings\Owner\Application Data\SSEMBL~1\?ssembly\
C:\Documents and Settings\Owner\Application Data\TSKS~1
C:\Documents and Settings\Owner\Application Data\WNSXS~1
C:\Documents and Settings\Owner\My Documents\APPATC~1
C:\Documents and Settings\Owner\My Documents\ASEMBL~1
C:\Documents and Settings\Owner\My Documents\ASKS~1
C:\Documents and Settings\Owner\My Documents\ASKS~2
C:\Documents and Settings\Owner\My Documents\CROSOF~1
C:\Documents and Settings\Owner\My Documents\CROSOF~1.NET
C:\Documents and Settings\Owner\My Documents\CURITY~1
C:\Documents and Settings\Owner\My Documents\DOBE~1
C:\Documents and Settings\Owner\My Documents\DOBE~2
C:\Documents and Settings\Owner\My Documents\FNTS~1
C:\Documents and Settings\Owner\My Documents\FNTS~2
C:\Documents and Settings\Owner\My Documents\ICROSO~1
C:\Documents and Settings\Owner\My Documents\ICROSO~1.NET
C:\Documents and Settings\Owner\My Documents\ICROSO~2
C:\Documents and Settings\Owner\My Documents\MANTEC~1
C:\Documents and Settings\Owner\My Documents\MBOLS~1
C:\Documents and Settings\Owner\My Documents\MCROSO~1
C:\Documents and Settings\Owner\My Documents\MCROSO~1.NET
C:\Documents and Settings\Owner\My Documents\PPATCH~1
C:\Documents and Settings\Owner\My Documents\PPATCH~2
C:\Documents and Settings\Owner\My Documents\PPPATC~1
C:\Documents and Settings\Owner\My Documents\PPPATC~2
C:\Documents and Settings\Owner\My Documents\RACLE~1
C:\Documents and Settings\Owner\My Documents\RACLE~2
C:\Documents and Settings\Owner\My Documents\SEMBLY~1
C:\Documents and Settings\Owner\My Documents\SKS~1
C:\Documents and Settings\Owner\My Documents\SKS~2
C:\Documents and Settings\Owner\My Documents\SMANTE~1
C:\Documents and Settings\Owner\My Documents\SMBOLS~1
C:\Documents and Settings\Owner\My Documents\SSEMBL~1
C:\Documents and Settings\Owner\My Documents\SSTEM~1
C:\Documents and Settings\Owner\My Documents\SSTEM3~1
C:\Documents and Settings\Owner\My Documents\STEM~1
C:\Documents and Settings\Owner\My Documents\STEM32~1
C:\Documents and Settings\Owner\My Documents\TSKS~1
C:\Documents and Settings\Owner\My Documents\WNSXS~1
C:\Documents and Settings\Owner\My Documents\YMANTE~1
C:\Documents and Settings\Owner\My Documents\YMBOLS~1
C:\Documents and Settings\Owner\My Documents\YSTEM~1
C:\Documents and Settings\Owner\My Documents\YSTEM3~1
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\sembly~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\ystem3~1
C:\temp\0c2
C:\Temp\1cb
C:\temp\brr
C:\Temp\fse
C:\test.txt
C:\WINDOWS\asembl~1
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~2
C:\WINDOWS\fnts~1
C:\WINDOWS\icroso~1
C:\WINDOWS\mantec~1
C:\WINDOWS\mbols~1
C:\WINDOWS\smbols~1
C:\WINDOWS\system32\_003740_.tmp.dll
C:\WINDOWS\system32\_003741_.tmp.dll
C:\WINDOWS\system32\_003742_.tmp.dll
C:\WINDOWS\system32\_003743_.tmp.dll
C:\WINDOWS\system32\_003750_.tmp.dll
C:\WINDOWS\system32\_003751_.tmp.dll
C:\WINDOWS\system32\_003752_.tmp.dll
C:\WINDOWS\system32\_003754_.tmp.dll
C:\WINDOWS\system32\_003755_.tmp.dll
C:\WINDOWS\system32\_003758_.tmp.dll
C:\WINDOWS\system32\_003759_.tmp.dll
C:\WINDOWS\system32\_003761_.tmp.dll
C:\WINDOWS\system32\_003762_.tmp.dll
C:\WINDOWS\system32\_003763_.tmp.dll
C:\WINDOWS\system32\_003765_.tmp.dll
C:\WINDOWS\system32\_003768_.tmp.dll
C:\WINDOWS\system32\_003769_.tmp.dll
C:\WINDOWS\system32\_003773_.tmp.dll
C:\WINDOWS\system32\_003774_.tmp.dll
C:\WINDOWS\system32\_003776_.tmp.dll
C:\WINDOWS\system32\_003778_.tmp.dll
C:\WINDOWS\system32\_003779_.tmp.dll
C:\WINDOWS\system32\_003781_.tmp.dll
C:\WINDOWS\system32\_003782_.tmp.dll
C:\WINDOWS\system32\_003783_.tmp.dll
C:\WINDOWS\system32\_003784_.tmp.dll
C:\WINDOWS\system32\_003787_.tmp.dll
C:\WINDOWS\system32\_003788_.tmp.dll
C:\WINDOWS\system32\_003789_.tmp.dll
C:\WINDOWS\system32\_003790_.tmp.dll
C:\WINDOWS\system32\_003791_.tmp.dll
C:\WINDOWS\system32\_003796_.tmp.dll
C:\WINDOWS\system32\_003798_.tmp.dll
C:\WINDOWS\system32\_003799_.tmp.dll
C:\WINDOWS\system32\_005889_.tmp.dll
C:\WINDOWS\system32\_005890_.tmp.dll
C:\WINDOWS\system32\_005891_.tmp.dll
C:\WINDOWS\system32\_005892_.tmp.dll
C:\WINDOWS\system32\_005899_.tmp.dll
C:\WINDOWS\system32\_005901_.tmp.dll
C:\WINDOWS\system32\_005902_.tmp.dll
C:\WINDOWS\system32\_005904_.tmp.dll
C:\WINDOWS\system32\_005905_.tmp.dll
C:\WINDOWS\system32\_005908_.tmp.dll
C:\WINDOWS\system32\_005909_.tmp.dll
C:\WINDOWS\system32\_005911_.tmp.dll
C:\WINDOWS\system32\_005912_.tmp.dll
C:\WINDOWS\system32\_005913_.tmp.dll
C:\WINDOWS\system32\_005915_.tmp.dll
C:\WINDOWS\system32\_005916_.tmp.dll
C:\WINDOWS\system32\_005918_.tmp.dll
C:\WINDOWS\system32\_005919_.tmp.dll
C:\WINDOWS\system32\_005923_.tmp.dll
C:\WINDOWS\system32\_005924_.tmp.dll
C:\WINDOWS\system32\_005926_.tmp.dll
C:\WINDOWS\system32\_005928_.tmp.dll
C:\WINDOWS\system32\_005929_.tmp.dll
C:\WINDOWS\system32\_005931_.tmp.dll
C:\WINDOWS\system32\_005933_.tmp.dll
C:\WINDOWS\system32\_005934_.tmp.dll
C:\WINDOWS\system32\_005935_.tmp.dll
C:\WINDOWS\system32\_005938_.tmp.dll
C:\WINDOWS\system32\_005939_.tmp.dll
C:\WINDOWS\system32\_005940_.tmp.dll
C:\WINDOWS\system32\_005941_.tmp.dll
C:\WINDOWS\system32\_005942_.tmp.dll
C:\WINDOWS\system32\_005947_.tmp.dll
C:\WINDOWS\system32\_005949_.tmp.dll
C:\WINDOWS\system32\_005950_.tmp.dll
C:\WINDOWS\system32\aakousju.ini
C:\WINDOWS\system32\aamsmffx.ini
C:\WINDOWS\system32\abneuykk.ini
C:\WINDOWS\system32\acyrubwn.ini
C:\WINDOWS\system32\adgekkam.ini
C:\WINDOWS\system32\adll
C:\WINDOWS\system32\aeesdwsy.ini
C:\WINDOWS\system32\aewlbgyg.ini
C:\WINDOWS\system32\ageaqial.ini
C:\WINDOWS\system32\agtapxmy.ini
C:\WINDOWS\system32\aguvwfih.ini
C:\WINDOWS\system32\akovyaqi.ini
C:\WINDOWS\system32\akuqtwpn.ini
C:\WINDOWS\system32\alnfqvri.ini
C:\WINDOWS\system32\amnjxani.ini
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\asapsblm.ini
C:\WINDOWS\system32\avtopfrb.ini
C:\WINDOWS\system32\baiqmrtd.ini
C:\WINDOWS\system32\bcdddpfy.ini
C:\WINDOWS\system32\bdsnhhwb.ini
C:\WINDOWS\system32\bgafbbeb.ini
C:\WINDOWS\system32\bkwpfxku.ini
C:\WINDOWS\system32\bljntwoo.ini
C:\WINDOWS\system32\bqstfnlv.ini
C:\WINDOWS\system32\bromiwll.ini
C:\WINDOWS\system32\bsjhsnlg.ini
C:\WINDOWS\system32\bygxxdsc.ini
C:\WINDOWS\system32\ccoqfctq.ini
C:\WINDOWS\system32\cdarlswl.ini
C:\WINDOWS\system32\cdxfprrq.ini
C:\WINDOWS\system32\ckimnyrb.ini
C:\WINDOWS\system32\cmimyovx.ini
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\cutnkgdp.ini
C:\WINDOWS\system32\cxugqdfe.ini
C:\WINDOWS\system32\dcmmslcr.ini
C:\WINDOWS\system32\ddjjecnx.ini
C:\WINDOWS\system32\dfeakmij.ini
C:\WINDOWS\system32\dgopmuff.ini
C:\WINDOWS\system32\dhbbgruh.ini
C:\WINDOWS\system32\dhngvqkc.ini
C:\WINDOWS\system32\dnltnufq.ini
C:\WINDOWS\system32\dqpftdml.ini
C:\WINDOWS\system32\dshhitxq.ini
C:\WINDOWS\system32\dwnweawe.ini
C:\WINDOWS\system32\dyywpauj.ini
C:\WINDOWS\system32\eamxlvar.ini
C:\WINDOWS\system32\ednymihl.ini
C:\WINDOWS\system32\eeaoeorj.ini
C:\WINDOWS\system32\ejyvoevg.ini
C:\WINDOWS\system32\ekjvwoag.ini
C:\WINDOWS\system32\enferjxq.ini
C:\WINDOWS\system32\erpwhyor.ini
C:\WINDOWS\system32\eslteues.ini
C:\WINDOWS\system32\eswouoof.ini
C:\WINDOWS\system32\evhndulh.ini
C:\WINDOWS\system32\ewbjfvch.ini
C:\WINDOWS\system32\extmtmbc.ini
C:\WINDOWS\system32\fflnelxw.ini
C:\WINDOWS\system32\fipspvgg.ini
C:\WINDOWS\system32\fjkapkil.ini
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fquoomfg.ini
C:\WINDOWS\system32\ftqiewlq.ini
C:\WINDOWS\system32\fvwdwppf.ini
C:\WINDOWS\system32\fwcyibif.ini
C:\WINDOWS\system32\fwfeqegd.ini
C:\WINDOWS\system32\fwvimuig.ini
C:\WINDOWS\system32\fygvmnir.ini
C:\WINDOWS\system32\gdjvyqyx.ini
C:\WINDOWS\system32\gjhiupvq.ini
C:\WINDOWS\system32\gjjdupjx.ini
C:\WINDOWS\system32\gliolkdu.ini
C:\WINDOWS\system32\gqcfwsic.ini
C:\WINDOWS\system32\gqygrixs.ini
C:\WINDOWS\system32\gvuduwpx.ini
C:\WINDOWS\system32\gxajdvaj.ini
C:\WINDOWS\system32\gxilkmmt.ini
C:\WINDOWS\system32\hbhiyqox.ini
C:\WINDOWS\system32\hcwrbmel.ini
C:\WINDOWS\system32\hddinuss.ini
C:\WINDOWS\system32\hfqfdccp.ini
C:\WINDOWS\system32\hnixvwli.ini
C:\WINDOWS\system32\hnvtoqbo.ini
C:\WINDOWS\system32\hqwdsiaw.ini
C:\WINDOWS\system32\hrbxeloj.ini
C:\WINDOWS\system32\hrqtlxvb.ini
C:\WINDOWS\system32\hstqyfba.ini
C:\WINDOWS\system32\htvmpdxw.ini
C:\WINDOWS\system32\hvssucgr.ini
C:\WINDOWS\system32\ibeytuce.ini
C:\WINDOWS\system32\iblsakem.ini
C:\WINDOWS\system32\icpbllpf.ini
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\iehfaywp.ini
C:\WINDOWS\system32\ievpbtab.ini
C:\WINDOWS\system32\igddgrpi.ini
C:\WINDOWS\system32\igyekddw.ini
C:\WINDOWS\system32\ihfljuxv.ini
C:\WINDOWS\system32\ihghlbue.ini
C:\WINDOWS\system32\iihfyjyl.ini
C:\WINDOWS\system32\ikhytigh.ini
C:\WINDOWS\system32\inxhkiqk.ini
C:\WINDOWS\system32\irauxqkm.ini
C:\WINDOWS\system32\iyonwsol.ini
C:\WINDOWS\system32\jddaypnr.ini
C:\WINDOWS\system32\jhksqseu.ini
C:\WINDOWS\system32\jhqvpews.ini
C:\WINDOWS\system32\jibknfhf.ini
C:\WINDOWS\system32\jkmetlwu.ini
C:\WINDOWS\system32\jlqmeeia.ini
C:\WINDOWS\system32\jluwmqkl.ini
C:\WINDOWS\system32\jlxlrrfk.ini
C:\WINDOWS\system32\jnnovgns.ini
C:\WINDOWS\system32\jqmpyuta.ini
C:\WINDOWS\system32\jqxdlmgw.ini
C:\WINDOWS\system32\jshksubk.ini
C:\WINDOWS\system32\jveadhkc.ini
C:\WINDOWS\system32\jvvrisno.ini
C:\WINDOWS\system32\jxygltik.ini
C:\WINDOWS\system32\jyolkdxn.ini
C:\WINDOWS\system32\jyrecekj.ini
C:\WINDOWS\system32\kbriofgi.ini
C:\WINDOWS\system32\kfcgtwvp.ini
C:\WINDOWS\system32\kfqqknfv.ini
C:\WINDOWS\system32\kkukvlxd.ini
C:\WINDOWS\system32\knvfesei.ini
C:\WINDOWS\system32\koakekgj.ini
C:\WINDOWS\system32\kpeykwjh.ini
C:\WINDOWS\system32\kpeykwjh.ini2
C:\WINDOWS\system32\kqulqafd.ini
C:\WINDOWS\system32\krbbojyg.ini
C:\WINDOWS\system32\ktykjrsy.ini
C:\WINDOWS\system32\kuahxiss.ini
C:\WINDOWS\system32\kurvhxkf.ini
C:\WINDOWS\system32\lapuwuxf.ini
C:\WINDOWS\system32\lcckbpqy.ini
C:\WINDOWS\system32\leqttbkk.ini
C:\WINDOWS\system32\ljdfpwia.ini
C:\WINDOWS\system32\lkmrwbfj.ini
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmpiprma.ini
C:\WINDOWS\system32\lpjjewna.ini
C:\WINDOWS\system32\lrluaenh.ini
C:\WINDOWS\system32\lupykumm.ini
C:\WINDOWS\system32\lvbpsyye.ini
C:\WINDOWS\system32\lvsjgbuc.ini
C:\WINDOWS\system32\lwurnqff.ini
C:\WINDOWS\system32\lxblhyeu.ini
C:\WINDOWS\system32\lxdaifma.ini
C:\WINDOWS\system32\mantec~1
C:\WINDOWS\system32\mckhofra.ini
C:\WINDOWS\system32\mdudssra.ini
C:\WINDOWS\system32\meseyfsy.ini
C:\WINDOWS\system32\mfmaoski.ini
C:\WINDOWS\system32\mhtjsprm.ini
C:\WINDOWS\system32\mhupueip.ini
C:\WINDOWS\system32\mkwphjkp.ini
C:\WINDOWS\system32\mleolxpm.ini
C:\WINDOWS\system32\mnbmvsph.ini
C:\WINDOWS\system32\mnnypmkp.ini
C:\WINDOWS\system32\mnxuearx.ini
C:\WINDOWS\system32\momkehxv.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mwqdawaj.ini
C:\WINDOWS\system32\mwvqcuuw.ini
C:\WINDOWS\system32\myxyatfl.ini
C:\WINDOWS\system32\nadpejae.ini
C:\WINDOWS\system32\nafneqsj.ini
C:\WINDOWS\system32\naymrvuu.ini
C:\WINDOWS\system32\nlksbiem.ini
C:\WINDOWS\system32\nltssrwp.ini
C:\WINDOWS\system32\nohfrrgd.ini
C:\WINDOWS\system32\ntdqunsd.ini
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\nwfimpay.ini
C:\WINDOWS\system32\nwkpexkk.ini
C:\WINDOWS\system32\nxpuhndk.ini
C:\WINDOWS\system32\oaoixtmj.ini
C:\WINDOWS\system32\odcxbhop.ini
C:\WINDOWS\system32\ofnmsucr.ini
C:\WINDOWS\system32\ohimmwlh.ini
C:\WINDOWS\system32\omfykglv.ini
C:\WINDOWS\system32\omwrotpf.ini
C:\WINDOWS\system32\onxsyunq.ini
C:\WINDOWS\system32\oorpfgfi.ini
C:\WINDOWS\system32\owyxlseg.ini
C:\WINDOWS\system32\oycysqfu.ini
C:\WINDOWS\system32\paioptxo.ini
C:\WINDOWS\system32\patovxgh.ini
C:\WINDOWS\system32\pbmpwsce.ini
C:\WINDOWS\system32\pivafpjc.ini
C:\WINDOWS\system32\pkkbcmty.ini
C:\WINDOWS\system32\pklqsqlt.ini
C:\WINDOWS\system32\plhaamku.ini
C:\WINDOWS\system32\pliqlxit.ini
C:\WINDOWS\system32\pljepdfr.ini
C:\WINDOWS\system32\plkemadh.ini
C:\WINDOWS\system32\plwtannb.ini
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pruoounm.ini
C:\WINDOWS\system32\psvsccbh.ini
C:\WINDOWS\system32\ptbrrdgi.ini
C:\WINDOWS\system32\ptleaunc.ini
C:\WINDOWS\system32\pwirhjny.ini
C:\WINDOWS\system32\qdegstby.ini
C:\WINDOWS\system32\qjfpplpu.ini
C:\WINDOWS\system32\qkhydfru.ini
C:\WINDOWS\system32\qmyxsbge.ini
C:\WINDOWS\system32\qneahuqg.ini
C:\WINDOWS\system32\qsirmali.ini
C:\WINDOWS\system32\qwxfabeh.ini
C:\WINDOWS\system32\qxnhcbpe.ini
C:\WINDOWS\system32\rccmkdes.ini
C:\WINDOWS\system32\rdcdfutf.ini
C:\WINDOWS\system32\rdiwjnfw.ini
C:\WINDOWS\system32\rfaqcpkf.ini
C:\WINDOWS\system32\rgootuqy.ini
C:\WINDOWS\system32\ribfrygn.ini
C:\WINDOWS\system32\rjqkiuql.ini
C:\WINDOWS\system32\rkbcokiy.ini
C:\WINDOWS\system32\rkhhaxgm.ini
C:\WINDOWS\system32\rkuchysy.ini
C:\WINDOWS\system32\rmpxqogf.ini
C:\WINDOWS\system32\rmwxvsll.ini
C:\WINDOWS\system32\rocwighy.ini
C:\WINDOWS\system32\rqinxcsc.ini
C:\WINDOWS\system32\rqliuuih.ini
C:\WINDOWS\system32\saqjifse.ini
C:\WINDOWS\system32\sbiimkai.ini
C:\WINDOWS\system32\sckynujb.ini
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\sekaddee.ini
C:\WINDOWS\system32\snuwdjlq.ini
C:\WINDOWS\system32\sqybqivs.ini
C:\WINDOWS\system32\ssswbxhc.ini
C:\WINDOWS\system32\stcixour.ini
C:\WINDOWS\system32\svjyuxdu.ini
C:\WINDOWS\system32\swjiggof.ini
C:\WINDOWS\system32\sykemiyt.ini
C:\WINDOWS\system32\tapohdsf.ini
C:\WINDOWS\system32\taylaclv.ini
C:\WINDOWS\system32\tgtvajyr.ini
C:\WINDOWS\system32\thajoymi.ini
C:\WINDOWS\system32\thlguwgs.ini
C:\WINDOWS\system32\tkjxgtpp.ini
C:\WINDOWS\system32\tmxemmvw.ini
C:\WINDOWS\system32\tnshbohi.ini
C:\WINDOWS\system32\trsxivdu.ini
C:\WINDOWS\system32\tswfvamw.ini
C:\WINDOWS\system32\tuudwymo.ini
C:\WINDOWS\system32\tweskxmt.ini
C:\WINDOWS\system32\ufxwvwil.ini
C:\WINDOWS\system32\ugpytpwe.ini
C:\WINDOWS\system32\uimtvexi.ini
C:\WINDOWS\system32\umgbfvtq.ini
C:\WINDOWS\system32\unjsufwl.ini
C:\WINDOWS\system32\upnkfvvb.ini
C:\WINDOWS\system32\uqljikum.ini
C:\WINDOWS\system32\uqoygtje.ini
C:\WINDOWS\system32\usgundki.ini
C:\WINDOWS\system32\uskijfkm.ini
C:\WINDOWS\system32\uwqsijyt.ini
C:\WINDOWS\system32\uxvqmaxb.ini
C:\WINDOWS\system32\uyeaijpi.ini
C:\WINDOWS\system32\vausaswd.ini
C:\WINDOWS\system32\vcidwele.ini
C:\WINDOWS\system32\vfayrrkq.ini
C:\WINDOWS\system32\viylueem.ini
C:\WINDOWS\system32\vkamtvhe.ini
C:\WINDOWS\system32\vmhbxbxt.ini
C:\WINDOWS\system32\vmrimpkx.ini
C:\WINDOWS\system32\vnjenooc.ini
C:\WINDOWS\system32\vpkkpbxh.ini
C:\WINDOWS\system32\vtdlwvle.ini
C:\WINDOWS\system32\vvfixmkf.ini
C:\WINDOWS\system32\vvmvwwsm.ini
C:\WINDOWS\system32\vwuxcjki.ini
C:\WINDOWS\system32\wapisvcc32.exe
C:\WINDOWS\system32\waumhuec.ini
C:\WINDOWS\system32\wemailig.ini
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\womxvxwj.ini
C:\WINDOWS\system32\wwhkqxpb.ini
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\xaaiisnb.ini
C:\WINDOWS\system32\xamndyub.ini
C:\WINDOWS\system32\xchnrbwv.ini
C:\WINDOWS\system32\xdsmiflw.ini
C:\WINDOWS\system32\xpjqooeh.ini
C:\WINDOWS\system32\xpqwbhfn.ini
C:\WINDOWS\system32\xrxadpeo.ini
C:\WINDOWS\system32\xsnphwcb.ini
C:\WINDOWS\system32\xvfhvten.ini
C:\WINDOWS\system32\xymiulxa.ini
C:\WINDOWS\system32\yhjshsty.ini
C:\WINDOWS\system32\ylixxksb.ini
C:\WINDOWS\system32\ypvoorft.ini
C:\WINDOWS\system32\yqihoerp.ini
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\system32\ywnvukng.ini
C:\WINDOWS\system32\yxcobypp.ini
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z11
C:\WINDOWS\system32\Z3
C:\WINDOWS\system32\Z5
C:\WINDOWS\system32\Z7
C:\WINDOWS\tsks~1
C:\WINDOWS\wnsxs~1
C:\WINDOWS\ymante~1
C:\WINDOWS\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.

2008-10-24 14:44 . 2008-10-24 17:05 <DIR> d-------- C:\Program Files\IKEA HomePlanner
2008-10-24 14:06 . 2008-10-24 14:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 14:06 . 2008-10-24 14:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-24 14:06 . 2008-10-24 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 14:06 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 14:06 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-24 05:12 . 2008-10-15 11:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 12:48 . 2008-10-23 12:49 <DIR> d-------- C:\rsit
2008-10-14 20:52 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 20:51 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 20:51 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 20:51 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 20:51 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 20:51 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-08 21:18 . 2008-08-14 05:09 2,145,280 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-10-08 20:11 . 2008-10-08 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-08 19:47 . 2008-10-08 19:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-08 19:31 . 2008-10-18 12:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-08 19:31 . 2008-10-18 12:27 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-08 19:31 . 2008-10-18 12:27 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-08 19:16 . 2004-08-04 01:00 71,040 --------- C:\WINDOWS\system32\drivers\_003715_.tmp.dll
2008-10-05 12:18 . 2008-10-05 12:18 <DIR> d-------- C:\Program Files\Safer Networking
2008-10-05 04:45 . 2008-10-05 04:47 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-05 04:19 . 2008-10-05 04:20 <DIR> d-------- C:\getservice
2008-10-05 00:32 . 2008-10-05 00:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-05 00:32 . 2008-10-05 05:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 17:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-10-24 19:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 18:25 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-16 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-09 01:57 --------- d-----w C:\Program Files\InterActual
2008-10-05 18:48 --------- d-----w C:\Program Files\A4Desk
2008-10-05 08:20 --------- d-----w C:\Program Files\Yahoo!
2008-10-05 08:20 --------- d-----w C:\Program Files\Common Files\Scanner
2008-10-04 18:58 --------- d-----w C:\Program Files\Maxis
2008-09-20 16:37 --------- d-----w C:\Program Files\Apple Software Update
2008-09-20 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 2904064]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"CHotkey"="zHotkey.exe" [2004-05-17 C:\WINDOWS\zHotkey.exe]
"nwiz"="nwiz.exe" [2004-03-03 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"BFast.exe"= BFast.exe
"BigFix.exe"= BigFix.exe
"iexplore.exe"= iexplore.exe
"InstHelp.exe"= InstHelp.exe
"InstUp.exe"= InstUp.exe
"MBDownloader_876919.exe"= MBDownloader_876919.exe
"msiexec.exe"= msiexec.exe
"nopdb.exe"= nopdb.exe
"retadpu.exe"= retadpu.exe
"retadpu572.exe"= retadpu572.exe
"was7.exe"= was7.exe
"wfikftdo.exe"= wfikftdo.exe
"WinTouch.exe"= WinTouch.exe
"wucrtupd.exe"= wucrtupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 WUSB300NSvc;WUSB300NSvc;C:\Program Files\Linksys\WUSB300N\WLService.exe WUSB300N.exe [ ]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
S0 ayuysssj;ayuysssj;C:\WINDOWS\system32\drivers\zvgyscoi.dat [ ]
S3 Alpham1;Ideazon Merc USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-03-20 42240]
S3 Alpham2;Ideazon Merc MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 36224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-25 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJPI142.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPOJI610.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 12:44:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ayuysssj]
"ImagePath"="system32\drivers\zvgyscoi.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-25 12:56:44 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-10-25 17:56:19

Pre-Run: 89,830,596,608 bytes free
Post-Run: 89,545,650,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

659 --- E O F --- 2008-10-25 08:01:19





KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 25, 2008 19:01:15
Records in database: 1346206
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
G:\
H:\
I:\
J:\
Scan statistics
Files scanned 167402
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 04:04:36

File name Threat name Threats count
C:\Program Files\Internet Explorer\rtere.html Infected: Trojan-Clicker.HTML.IFrame.dn 1
C:\Program Files\Windows Media Player\rtere.html Infected: Trojan-Clicker.HTML.IFrame.dn 1
The selected area was scanned.




My C:\ drive does show up now, but I still have problems with my internet having to be repaired constantly. It also still runs slow, but that also may be because of how many files are on this hard drive.
 
Information

Well, your machine was heavily infected !!!

Do you know anything about ?
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
It is a registry entry to restrict the access to certain programs
----------------------------------------------------------- -----------------------------------------------------------

Step 1


Disable Teatimer
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.


----------------------------------------------------------- -----------------------------------------------------------
Step 2


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    File::
C:\WINDOWS\system32\drivers\zvgyscoi.dat
C:\Program Files\Windows Media Player\rtere.html
C:\Program Files\Internet Explorer\rtere.html

Driver::
ayuysssj
  • Save this as CFScript.txt and place it on your desktop.


    CFScriptb.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 3



Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.



----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • ComboFix Log
  • Active Scan Log
  • How are things running now ?
 
ComboFix 08-10-24.02 - Owner 2008-10-26 14:21:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.307 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\Internet Explorer\rtere.html
C:\Program Files\Windows Media Player\rtere.html
C:\WINDOWS\system32\drivers\zvgyscoi.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\rtere.html
C:\Program Files\Windows Media Player\rtere.html
C:\test.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AYUYSSSJ
-------\Service_ayuysssj


((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-25 13:03 . 2008-10-25 13:02 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-25 13:03 . 2008-10-25 13:02 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-24 14:44 . 2008-10-24 17:05 <DIR> d-------- C:\Program Files\IKEA HomePlanner
2008-10-24 14:06 . 2008-10-24 14:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 14:06 . 2008-10-24 14:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-24 14:06 . 2008-10-24 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 14:06 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 14:06 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-24 05:12 . 2008-10-15 11:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 12:48 . 2008-10-23 12:49 <DIR> d-------- C:\rsit
2008-10-14 20:52 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 20:51 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 20:51 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 20:51 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 20:51 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 20:51 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-08 21:18 . 2008-08-14 05:09 2,145,280 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-10-08 20:11 . 2008-10-08 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-08 19:47 . 2008-10-08 19:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-08 19:31 . 2008-10-18 12:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-08 19:31 . 2008-10-18 12:27 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-08 19:31 . 2008-10-18 12:27 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-08 19:16 . 2004-08-04 01:00 71,040 --------- C:\WINDOWS\system32\drivers\_003715_.tmp.dll
2008-10-05 12:18 . 2008-10-05 12:18 <DIR> d-------- C:\Program Files\Safer Networking
2008-10-05 04:45 . 2008-10-05 04:47 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-05 04:19 . 2008-10-05 04:20 <DIR> d-------- C:\getservice
2008-10-05 00:32 . 2008-10-05 00:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-05 00:32 . 2008-10-05 05:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 19:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-10-25 18:02 --------- d-----w C:\Program Files\Java
2008-10-24 19:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 18:25 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-16 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-09 01:57 --------- d-----w C:\Program Files\InterActual
2008-10-05 18:48 --------- d-----w C:\Program Files\A4Desk
2008-10-05 08:20 --------- d-----w C:\Program Files\Yahoo!
2008-10-05 08:20 --------- d-----w C:\Program Files\Common Files\Scanner
2008-10-04 18:58 --------- d-----w C:\Program Files\Maxis
2008-09-20 16:37 --------- d-----w C:\Program Files\Apple Software Update
2008-09-20 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-25_12.55.15.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-25 17:48:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
+ 2008-10-26 19:34:41 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
- 2003-01-03 13:44:21 24,670 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-10-25 18:02:41 144,792 ----a-w C:\WINDOWS\system32\java.exe
- 2003-01-03 13:44:21 28,768 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-10-25 18:02:41 144,792 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-10-25 18:02:41 148,888 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-10-26 19:30:47 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_790.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 2904064]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"CHotkey"="zHotkey.exe" [2004-05-17 C:\WINDOWS\zHotkey.exe]
"nwiz"="nwiz.exe" [2004-03-03 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"BFast.exe"= BFast.exe
"BigFix.exe"= BigFix.exe
"iexplore.exe"= iexplore.exe
"InstHelp.exe"= InstHelp.exe
"InstUp.exe"= InstUp.exe
"MBDownloader_876919.exe"= MBDownloader_876919.exe
"msiexec.exe"= msiexec.exe
"nopdb.exe"= nopdb.exe
"retadpu.exe"= retadpu.exe
"retadpu572.exe"= retadpu572.exe
"was7.exe"= was7.exe
"wfikftdo.exe"= wfikftdo.exe
"WinTouch.exe"= WinTouch.exe
"wucrtupd.exe"= wucrtupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]
R2 WUSB300NSvc;WUSB300NSvc;C:\Program Files\Linksys\WUSB300N\WLService.exe WUSB300N.exe [ ]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
S3 Alpham1;Ideazon Merc USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-03-20 42240]
S3 Alpham2;Ideazon Merc MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 36224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2008-10-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-26 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 14:31:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-10-26 14:43:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-26 19:42:54
ComboFix2.txt 2008-10-25 17:56:46

Pre-Run: 89,487,200,256 bytes free
Post-Run: 89,528,217,600 bytes free

197 --- E O F --- 2008-10-25 08:01:19
 
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-26 23:19:34
PROTECTIONS: 2
MALWARE: 43
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4005.0 No Yes
Bit-Defender Internet Security 2008 11.0.17 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00035753 adware/sidestep Adware No 0 Yes No c:\documents and settings\owner\favorites\sidestep.url
00035753 adware/sidestep Adware No 0 Yes No c:\documents and settings\owner\favorites\links\sidestep.url
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.atdmt.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.bfast.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.bfast.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.mediaplex.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.revenue.net/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.yadro.ru/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[landing.domainsponsor.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.xiti.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[counter.hitslink.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[www.burstbeacon.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[www.burstbeacon.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.weborama.fr/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[server.iad.liveperson.net/hc/69191305]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[server.iad.liveperson.net/hc/69191305]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.advertising.com/]
 
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.bravenet.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.go.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.target.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt[.atwola.com/]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP682\A0110887.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP679\A0110650.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP679\A0110611.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP682\A0110871.sys
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP678\A0110195.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP678\A0110100.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\Owner\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================




It's running a little faster now, and so far I haven't had to repair my internet. I had to put this in three posts because it said there was a 64000 character limit.
 
katana said:
Do you know anything about ?
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
It is a registry entry to restrict the access to certain programs
Click to expand...



OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Files )
Code: 
:files
c:\documents and settings\owner\favorites\sidestep.url
c:\documents and settings\owner\favorites\links\sidestep.url
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt
C:\SDFix
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
========== FILES ==========
c:\documents and settings\owner\favorites\SideStep.url moved successfully.
c:\documents and settings\owner\favorites\links\SideStep.url moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-3.txt moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-1.txt moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\40hrij1m.default\cookies-2.txt moved successfully.
C:\SDFix\apps\Replace\xp moved successfully.
C:\SDFix\apps\Replace\w2k moved successfully.
C:\SDFix\apps\Replace moved successfully.
C:\SDFix\apps moved successfully.
C:\SDFix moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10272008_152006




Yeah, I do know about that registry file. I used it a couple times to stop some programs from running that I knew caused viruses. I also added some other programs in there that I couldn't uninstall, and didn't want running.
 
Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • CF_Cleanup.png
You can also delete any logs we have produced, and empty your Recycle bin.


Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.



Enable Teatimer

  • RIGHT click Link >>> HERE <<< Link and select "save as" and save it to your desktop
  • Double click ResetTeaTimer.bat
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • check the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
  • You can now delete ResetTeaTimer.bat



The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
Status
Not open for further replies.
Back
Top