
I've basically gone through the OIN removal tutorial and it told me to post all of my logs here before I move on to the next step, so here ya go. Please advise me on what to do next. Thank you guys.
First, my UNINSTALL LIST
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
ArcSoft PhotoImpression 5
AVG Anti-Spyware 7.5
Battlefield 2142
Bookworm Adventures Deluxe 1.0
Creative Audio Console
DUNGEONS & DRAGONS ONLINE™: Stormreach™ v05.02.30.231
eMule
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
GetRight
HijackThis 1.99.1
ICQ
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.77 Full
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Neverwinter Nights 2
NVIDIA Drivers
Paint Shop Pro 6.0 (ESD)
QuickTime Alternative 1.76
Skype 3.0
Skype Plugin Manager
Star Wars® Knights of the Old Republic® II: The Sith Lords
Viewpoint Media Player
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinRAR archiver
World of Warcraft
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
Next, my HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 7:21:05 PM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\Maverick\Desktop\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.metacrawl.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ntage_load.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Next, my AVG Anti-Spyware log.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:17:30 PM 12/19/2006
+ Scan result:
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP60\A0006334.exe -> Adware.ClickSpring : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006420.exe -> Adware.ClickSpring : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006428.exe -> Adware.ClickSpring : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP56\A0006206.dll -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP56\A0006207.exe -> Adware.CommAd : Cleaned.
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP44\A0005219.exe -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP44\A0005221.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006411.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP56\A0006212.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP56\A0006213.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP60\A0006335.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP60\A0006336.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006409.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006433.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006434.exe -> Adware.Softomate : Cleaned.
E:\old D drive stuff\Local Disk (E)\exe files\s2k\s2k.serials2k7.1.zip/s2k.hacking.exe -> Dialer.Generic : Cleaned.
E:\old D drive stuff\Local Disk (E)\exe files\s2k\s2k.serials2k7.1\s2k.hacking.exe -> Dialer.Generic : Cleaned.
E:\old D drive stuff\Local Disk (E)\exe files\ICQ\ICQ_2003b_build_3916_Anti-banner_Patch.zip/tva.exe -> Downloader.INService.i : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP60\A0006352.exe -> Downloader.PurityScan.bv : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP46\A0005992.exe -> Downloader.PurityScan.da : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006419.exe -> Downloader.PurityScan.dr : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP44\A0005220.dll -> Downloader.Small.ece : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP44\A0005218.exe -> Dropper.DollarR.b : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP44\A0005223.exe -> Dropper.Small : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006412.exe -> Dropper.Small : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP60\A0006348.exe -> Hijacker.Agent.iq : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006429.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
D:\Program Files\Yahoo Message Archive Decoder\yahoopwd.exe -> Not-A-Virus.PSWTool.Win32.Yahoo.c : Cleaned.
E:\New Folder\vitrolstuff\glider\Shadow.sys -> Rootkit.Agent.ck : Cleaned.
E:\New Folder\vitrolstuff\glider\szde.sys -> Rootkit.Agent.ck : Cleaned.
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Maverick\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Maverick\Cookies\maverick@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP56\A0006208.vbs -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP60\A0006337.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP61\A0006378.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006416.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{D461A72B-8852-43CB-8C57-65CEB59E3E85}\RP62\A0006427.vbs -> Trojan.Small : Cleaned.
::Report end
And finally, my ComboFix log
Maverick - 06-12-19 17:52:34.65 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Maverick\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Cowabanga
C:\Program Files\Inetget2
C:\Program Files\network monitor
C:\Program Files\Common Files\{8810F8E9-08A3-1033-1201-050302060001}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Maverick\My Documents\MCROSO~1.NET
C:\QooBox\Purity\Documents and Settings\Maverick\My Documents\SSTEM~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1
C:\QooBox\Purity\WINDOWS\system32\FNTS~1
C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
((((((((((((((((((((((((((((((( Files Created from 2006-11-19 to 2006-12-19 ))))))))))))))))))))))))))))))))))
2006-12-18 21:24 <DIR> d-------- C:\Program Files\Common Files\Skype
2006-12-18 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2006-12-16 14:20 <DIR> d-------- C:\Documents and Settings\Maverick\Application Data\ArcSoft
2006-12-14 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-12-11 18:34 <DIR> d-------- C:\Program Files\Viewpoint
2006-12-11 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-12-06 23:30 <DIR> d-------- C:\Documents and Settings\Maverick\Application Data\Zylom
2006-12-06 23:25 <DIR> d-------- C:\Program Files\IEToolbar
2006-12-05 20:04 <DIR> d-------- C:\Program Files\PopCap Games
2006-11-27 15:12 <DIR> d-------- C:\Program Files\QuickTime Alternative
2006-11-27 15:12 <DIR> d-------- C:\Program Files\Media Player Classic
2006-11-27 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-26 22:51 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-23 13:40 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-11-23 13:15 <DIR> d-------- C:\WINDOWS\pss
2006-11-23 03:44 69 --a-s---- C:\WINDOWS\test.bat
2006-11-23 01:43 <DIR> d-------- C:\Program Files\America's Army
2006-11-20 16:53 <DIR> d-------- C:\Program Files\eMule
2006-11-19 17:43 47,104 --a------ C:\WINDOWS\system32\Wh2Robo.dll
2006-11-19 17:43 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
2006-11-19 17:43 <DIR> d-------- C:\Program Files\Paint Shop Pro 6
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-19 17:54 -------- d-------- C:\Program Files\Common Files
2006-12-19 00:10 -------- d-------- C:\Documents and Settings\Maverick\Application Data\Skype
2006-12-18 21:24 -------- d-------- C:\Program Files\Skype
2006-12-14 15:05 -------- d-------- C:\Program Files\Yahoo!
2006-12-06 23:30 -------- d-------- C:\Documents and Settings\Maverick\Application Data\Identities
2006-12-01 16:37 -------- d-------- C:\Program Files\GetRight
2006-11-23 13:40 -------- d---s---- C:\Documents and Settings\Maverick\Application Data\Microsoft
2006-11-19 01:07 -------- d-------- C:\Program Files\ICQ
2006-11-12 21:34 -------- d-------- C:\Program Files\Java
2006-11-12 21:34 -------- d-------- C:\Documents and Settings\Maverick\Application Data\Sun
2006-11-12 21:33 -------- d-------- C:\Program Files\Common Files\Java
2006-11-07 19:25 -------- d-------- C:\Documents and Settings\Maverick\Application Data\GetRightToGo
2006-11-05 18:28 -------- d-------- C:\Program Files\Turbine
2006-11-04 02:36 -------- d-------- C:\Documents and Settings\Maverick\Application Data\AdobeUM
2006-11-04 02:35 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-04 02:35 -------- d-------- C:\Program Files\Adobe
2006-11-04 02:35 -------- d-------- C:\Documents and Settings\Maverick\Application Data\Adobe
2006-11-03 00:50 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-02 18:42 -------- d-------- C:\Program Files\Internet Explorer
2006-11-02 18:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-02 18:34 -------- d-------- C:\Program Files\Atari
2006-11-01 19:53 -------- d-------- C:\Program Files\WinRAR
2006-10-29 03:14 -------- d-------- C:\Documents and Settings\Maverick\Application Data\Media Player Classic
2006-10-27 18:51 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-27 08:10 -------- d-------- C:\Program Files\Windows Media Player
2006-10-27 08:10 -------- d-------- C:\Program Files\Winamp
2006-10-26 19:24 4 --ah----- C:\WINDOWS\uccspecb.sys
2006-10-26 19:24 -------- d-------- C:\Documents and Settings\Maverick\Application Data\Leadertech
2006-10-26 19:19 -------- d-------- C:\Program Files\epson
2006-10-26 19:19 -------- d-------- C:\Program Files\ArcSoft
2006-10-26 19:18 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-26 00:37 -------- d-------- C:\Program Files\World of Warcraft
2006-10-21 22:23 -------- d-------- C:\Program Files\Electronic Arts
2006-10-18 18:11 457 --a------ C:\Program Files\INSTALL.LOG
2006-10-15 21:33 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-10-15 21:33 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-10-15 20:57 0 -rahs---- C:\MSDOS.SYS
2006-10-15 20:57 0 -rahs---- C:\IO.SYS
2006-10-15 20:57 0 --a------ C:\CONFIG.SYS
2006-10-15 20:57 0 --a------ C:\AUTOEXEC.BAT
2006-10-15 13:49 62 --ahs---- C:\Documents and Settings\Maverick\Application Data\desktop.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maverick^Start Menu^Programs^Startup^iexplore.exe]
"path"="C:\\Documents and Settings\\Maverick\\Start Menu\\Programs\\Startup\\iexplore.exe"
"backup"="C:\\WINDOWS\\pss\\iexplore.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Maverick\\Start Menu\\Programs\\Startup\\iexplore.exe"
"item"="iexplore"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-12-19 17:54:10.17
C:\ComboFix.txt ... 06-12-19 17:54