Zlob.DNSChanger

AverageJoe

Hello all,

I know there have probably been hundreds of posts having problems with the same problem I have, but I keep getting Zlob.DNSChanger on my S&D and can't get rid of it, and this is because it's some kind of hacking thing? Regardless, I've come seeking help, but the problem is, I hardly know anything about technicalities in computers. I see a lot of people have HiJackThis log files and such. Well, being myself I can't figure out what all of that means and so I'm looking for an explanation of how to get rid of this irritant as soon as possible, but in "simple" terms.

Thank you to anyone who can reply,
Joe
 
Hello :)

  • Click here to download HijackThis and save it to your desktop.
  • Double-click on HJTInstall.exe to run it.
  • HJTInstall.exe will install HijackThis to C:\Program Files\Trend Micro\HijackThis
  • Click install
  • HJTInstall.exe will create an icon on your desktop.
  • When the installation is ready, it will start HijackThis.
  • When HijackThis is opened, click Do a system scan and save a logfile.
  • Post the HijackThis log here.
  • Do not fix anything with HijackThis until I tell you to!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:02, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.LNK = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D9B55-D202-4EF7-A55C-C7C6C7594C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 85.255.113.106 85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7269 bytes


Tell me what to do next, captain!
 
Hello :)

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

  • Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer; please do so.
  • Your system may take longer than usual to load; this is normal.
  • Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log in the forum please.
 
Username "Andy" - 2007-08-07 15:50:51 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbxs.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2622CE10-3199-47C5-8CA6-617EC09A03AE}
"nameserver"="85.255.113.106" <Value cleared.

Successfully flushed the DNS Resolver Cache.


PC crashed or was not allowed to reboot.

»»»»» Postrun check
....

Saving 'hklm\software\microsoft\windows\currentversion\run' to 'run1.hiv' was not successful

....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\TEMP\kdbxs.ren 65078 04/08/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)

....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
 
Hello :)

Empty this folder:

C:\WINDOWS\TEMP
_____________

Re-run with Fixwareout!

Post:
- A fresh HijackThis log
- Contents of report.txt
 
Hello Marrka,

I'd like to enquire as to why I have to empty this folder? Is there something in it that has to be rid of the computer in order for me to get rid of Zlob?

Thanks in advance, Joe.
 
Hello Marrka,

I'd like to enquire as to why I have to empty this folder? Is there something in it that has to be rid of the computer in order for me to get rid of Zlob?
Yes, Fixwareout found something in the temp folder and that's why we need to empty it.
 
Thank you for your advice and co-operation thus far, it's much appreciated.

By empty, do you mean delete the items in the temp folder or just take them out?
 
Alright, have done and will shortly run Fixwareout and then HiJackThis and post both reports, or just the HiJackThis one?
 
My Fixwareout report...

Username "Aaron" - 2007-08-09 19:04:49 [Fixwareout edited 2007/07/05]

»»»»»Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2622CE10-3199-47C5-8CA6-617EC09A03AE}
"nameserver"="85.255.113.106" <Value cleared.

Successfully flushed the DNS Resolver Cache.


And my subsequent HiJackthis log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:11, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D9B55-D202-4EF7-A55C-C7C6C7594C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7464 bytes


Next step?
 
Here's a newer HiJackThis log, just in case something changed. If you could get back to me with the next step as soon as possible, that would be awesome, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:16, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\My Documents\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D9B55-D202-4EF7-A55C-C7C6C7594C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 85.255.113.106 85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7705 bytes
 
Hello :)

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
____________________

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows except HijackThis and press fix checked.

O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D9B55-D202-4EF7-A55C-C7C6C7594C81}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 85.255.113.106 85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

___________________

Now let's check some settings on your system.
(2000/XP) Only
In the Windows control panel: if you are using Windows XP's Category View, select the Network and Internet Connections category, otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems
Next, go to Start, Run, type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)
________________________

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
_______________________

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
__________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
_______________________

Post:
- A fresh HijackThis log
- AVG Anti-Spyware's report
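
The O17 lines are where the DNS change shows up in the logs posted in this thread. As an added example (not part of the original posts and not code from HijackThis or Fixwareout), the Python below parses those lines from successive scans and reports which interface entries naming a resolver outside an expected set were cleared, persist, or reappeared. The function names and the EXPECTED set are assumptions; the log excerpts are copied from the posts above.

```python
import re

# Matches O17 NameServer lines as HijackThis v2.0.2 prints them in this thread.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:Parameters|\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\}))"
    r": NameServer = (?P<servers>.+?)\s*$"
)

# Assumption: the resolvers the owner configured on purpose. Adjust per machine.
EXPECTED = {"208.67.220.220", "208.67.222.222"}

# Excerpt of the 06/08/2007 log from the thread.
LOG_0608 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 85.255.113.106 85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# Excerpt of the 09/08/2007 log, taken after the second Fixwareout run.
LOG_0908 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14E69B32-8D02-468E-A137-C5DAF4003457}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# The 10/08/2007 log lists the same O17 lines as the 06/08/2007 one.
LOG_1008 = LOG_0608


def parse_o17(log_text):
    """Return {(control_set, interface GUID or 'global'): [servers]}."""
    found = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key = (m["cs"], m["iface"] or "global")
        # The raw registry string may be comma- or space-separated; both
        # forms appear in the logs above.
        found[key] = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
    return found


def unexpected(entries, expected):
    """Keep only entries that name at least one resolver outside `expected`."""
    flagged = {}
    for key, servers in entries.items():
        odd = [s for s in servers if s not in expected]
        if odd:
            flagged[key] = odd
    return flagged


def compare(before, after, expected):
    """Classify unexpected entries as cleared, persisting or new between scans."""
    b = unexpected(before, expected)
    a = unexpected(after, expected)
    return {
        "cleared": sorted(k for k in b if k not in a),
        "persisting": sorted(k for k in b if k in a),
        "new": sorted(k for k in a if k not in b),
    }


if __name__ == "__main__":
    scans = [("06/08", LOG_0608), ("09/08", LOG_0908), ("10/08", LOG_1008)]
    for (d1, l1), (d2, l2) in zip(scans, scans[1:]):
        result = compare(parse_o17(l1), parse_o17(l2), EXPECTED)
        print(f"{d1} -> {d2}")
        for status, keys in result.items():
            for cs, iface in keys:
                print(f"  {status:10} {cs:4} {iface}")
```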
 
After a long afternoon of following your instructions, here is my fresh HiJackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:12, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 212.139.132.58 212.139.132.59
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 6880 bytes
 
It says my AVG Anti-Spyware log is too long to post, and I can't upload it because it exceeds the limits. I'll post it in two halves:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:24:38 10/08/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162520.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162556.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162560.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162567.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162568.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0162569.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163609.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173652.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173653.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173657.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173660.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181778.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181779.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186952.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186957.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186972.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186977.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0186987.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0187016.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0187171.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199718.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199724.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0277538.CPY -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS137.CAB/A0042022.CPY -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS137.CAB/A0042020.CPY -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223331.exe -> Adware.Relevance : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0251746.CPY -> Adware.Relevance : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0255972.CPY -> Adware.Relevance : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/exclean.exe -> Adware.Small : Cleaned with backup (quarantined).
C:\Downloads\TournamentChessII-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Andy\Local Settings\Temp\temp.frD8AA\MediaAccK.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Winad Client\WinClt.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows ServeAd\WinAtServ.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows ServeAd\WinServAd.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows ServeAd\WinServSuit.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0223332.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS89.CAB/A0024431.CPY -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS100.CAB/A0030479.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS101.CAB/A0031475.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS101.CAB/A0031476.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS132.CAB/A0040854.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS137.CAB/A0041992.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS137.CAB/A0041993.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS139.CAB/A0042995.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS152.CAB/A0047137.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS152.CAB/A0047140.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS152.CAB/A0047141.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS227.CAB/A0067902.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS227.CAB/A0067903.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS227.CAB/A0067907.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS272.CAB/A0077466.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078512.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078518.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078522.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078535.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078536.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078542.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078546.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078557.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078561.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078569.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078570.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS278.CAB/A0078579.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099548.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099549.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099550.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099565.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099581.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS346.CAB/A0099584.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS394.CAB/A0115230.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS82.CAB/A0020374.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS82.CAB/A0020401.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS96.CAB/A0029498.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS96.CAB/A0029499.CPY -> Dialer.Holistyc : Cleaned with backup (quarantined).
 
C:\_RESTORE\TEMP\A0163611.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173658.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0173661.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0181780.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199723.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0199732.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0211887.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267365.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0267374.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0274350.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319208.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319210.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0319221.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321233.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\TEMP\A0321241.CPY/C:/WINDOWS/SYSTEM/msexreg.exe -> Dialer.Small : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS271.CAB/A0077445.CPY -> Downloader.Holica.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Local Settings(2)\Temporary Internet Files(2)\Content(2).IE5\SD2VWLQ3\popup[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS271.CAB/A0077444.CPY -> Downloader.Small.or : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS271.CAB/A0077446.CPY -> Downloader.Small.qs : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS271.CAB/A0077447.CPY -> Downloader.Small.qs : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS394.CAB/A0115229.CPY -> Downloader.Small.zq : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS138.CAB/A0042224.CPY -> Downloader.TSUpdate.a : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS123.CAB/A0038665.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS126.CAB/A0039713.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS132.CAB/A0040857.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS134.CAB/A0040908.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS98.CAB/A0030457.CPY -> Dropper.Small.ja : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0087498.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0087499.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0087500.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0089824.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0089825.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP82\A0089826.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS48.CAB/A0012049.CPY -> Hijacker.StartPage.iv : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS8.CAB/A0000680.CPY -> Hijacker.StartPage.ix : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS123.CAB/A0038664.CPY -> Hijacker.StartPage.ld : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS132.CAB/A0040856.CPY -> Hijacker.StartPage.ld : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS134.CAB/A0040907.CPY -> Hijacker.StartPage.ld : Cleaned with backup (quarantined).
C:\_RESTORE\ARCHIVE\FS181.CAB/A0057502.CPY -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
:mozilla.114:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.78:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.80:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.81:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.83:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.84:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.28:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.29:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.31:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.33:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.43:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.44:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.45:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.58:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.59:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.60:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.61:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.62:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.63:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.66:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.73:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.74:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.75:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.77:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.135:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adtech : Cleaned.
:mozilla.136:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Adtech : Cleaned.
:mozilla.24:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.25:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.30:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.18:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.24:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.44:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.51:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.63:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.142:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.87:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.88:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.89:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.127:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.128:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.129:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.130:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.28:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Casalemedia : Cleaned.
 
:mozilla.85:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Com : Cleaned.
:mozilla.9:C:\Documents and Settings\Dawn.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\6nmq0gaw.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\David(2).ANDY-067B4BDB81\Cookies(2)\david@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.14:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.18:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.37:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.38:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.35:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.39:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.42:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.47:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.57:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.58:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.59:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.60:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.61:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.70:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.71:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.72:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.73:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.74:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Euroclick : Cleaned.
:mozilla.17:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.18:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.22:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.23:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.24:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.56:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.168:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.169:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.170:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.67:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.68:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.88:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.89:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.93:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.94:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.60:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.87:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Masterstats : Cleaned.
:mozilla.143:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.95:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\David(2).ANDY-067B4BDB81\Cookies(2)\david@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.175:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.113:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.137:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.138:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.139:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.140:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Aaron(2).ANDY-067B4BDB81\Cookies(2)\aaron@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Nathan(2).ANDY-067B4BDB81\Cookies(2)\nathan@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.123:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.13:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.68:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.20:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Revsci : Cleaned.
:mozilla.42:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Revsci : Cleaned.
:mozilla.66:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Revsci : Cleaned.
:mozilla.22:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.23:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.24:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.25:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.26:C:\Documents and Settings\Andy.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\ausn26rx.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.77:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.78:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.79:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.80:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.81:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.82:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Nathan(2).ANDY-067B4BDB81\Cookies(2)\nathan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.171:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.174:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.125:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.42:C:\FOUND.060\FILE0019.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.67:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.67:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.19:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\FOUND.059\FILE0022.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\FOUND.043\FILE0029.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Nathan.ANDY-067B4BDB81\Application Data\Mozilla\Firefox\Profiles\r9pmlgeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\FOUND.044\FILE0001.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.90:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\FOUND.042\FILE0017.CHK -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Aaron\Local Settings\Temp\klclopmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Aaron\Local Settings\Temp\mdfejpmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228638.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228647.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D4B4F15A-2C78-45B3-9B39-322720FCE978}\RP110\A0228639.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).

::Report end
 
Hello :)

Next step is:

Kaspersky online scanner works only with Internet Explorer!

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
______________________

Post:
- A fresh HijackThis log
- Kaspersky's report
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:53, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Icons\Seticon.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\Aaron\My Documents\LimeWire\LimeWire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2622CE10-3199-47C5-8CA6-617EC09A03AE}: NameServer = 212.139.132.58 212.139.132.59
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Aaron.ANDY-067B4BDB81\My Documents\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

--
End of file - 7151 bytes
 