Help with removing Win32: Pakes - AVF [CLOSED]


#1
Oakie
Hi guys,

So I'm trying to remove a trojan but can't quite figure it out. Here are the details:

There is a trojan on my computer that I found after letting my sister borrow the computer. The file is in a temp folder and named .ttC.tmp

Malware name: Win32:Pakes-AVF [Trj]

Deleting the file within Avast doesn't seem to do anything, neither does moving it to the chest or manually deleting the files.

The trojan makes a bunch of bugs start crawling around the desktop "eating" the taskbar and i also cannot change the desktop background. it currently looks like this... :-(

Posted Image

Can someone help me out please?

Edited by Oakie, 09 June 2008 - 12:51 PM.

#2
Oakie
i just tried the smit fraud fix and nothing...

:)

#3
Oakie
Hijack this log file...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:14, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Avast\aswUpdSv.exe
D:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
D:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphccugj0ena3.exe
C:\Program Files\DNA\btdna.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\TVersity\Media Server\MediaServer.exe
D:\Program Files\Avast\ashMaiSv.exe
D:\Program Files\Avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program

files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite

6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe
O4 - HKLM\..\Run: [SMshcaugj0ena3] C:\Program Files\shcaugj0ena3\shcaugj0ena3.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat

7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite

6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite

6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program

Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program

Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program

Files\Avast\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity

Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program

Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media

Server\MediaServer.exe

--
End of file - 6985 bytes

#4
Oakie
bump

#5
koko_crunch
Hello Oakie and Welcome to Geeks to Go!

Sorry for the delay. We've been quite busy this week. :)
Could you post your HijackThis log again but this time turn off Wordwrap first.

In notepad, locate "Format menu" then uncheck Wordwrap.

#6
Oakie
alright thanks for actually getting to me!
I'm not home right now, so I don't have access to that computer.
but i will post another hijack this log as soon as i get there.

thanks for the help

#7
koko_crunch
No problem. Just post the log when done. :)

Edited by koko_crunch, 14 June 2008 - 12:31 PM.

#8
Oakie
ok here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:16 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Avast\aswUpdSv.exe
D:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphccugj0ena3.exe
C:\Program Files\AXPDefender\AXPDefender.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Avast\ashMaiSv.exe
D:\Program Files\Avast\ashWebSv.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6986 bytes

#9
koko_crunch
After checking your log, I did find malware on your system.
Please stick with me until we get you cleaned up. :)

You apparently have installed a rogue protection software. Click here for details.

Let's begin.

First, please disable Spybot S&D (Teatimer) throughout the fix.
Teatimer may block/restore fixes we'll perform.

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Next,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe

Now close all windows other than HiJackThis, then click Fix Checked.
Close HiJackThis.

------------

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

AXPDefender

Please note any other programs that you don't recognize in that list in your next response.


Then,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\lphccugj0ena3.exe
    C:\Program Files\AXPDefender
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post back with
- OTMOveit log
- New Hijackthis log

#10
Oakie
- OTMOveit log

C:\WINDOWS\system32\lphccugj0ena3.exe moved successfully.
C:\Program Files\AXPDefender moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06142008_173002


- HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:02 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Avast\aswUpdSv.exe
D:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
D:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Avast\ashMaiSv.exe
D:\Program Files\Avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6770 bytes


No other unknown programs are shown on my programs list. Move it did not ask to restart.

Edited by Oakie, 14 June 2008 - 04:57 PM.
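
Added example, not part of the thread or of any tool used in it: a Python sketch that rejoins the Word Wrap line breaks the helper asked to have turned off, then compares the O4 autostart entries and running processes of a before and after HijackThis log to confirm the fix took. The function names are hypothetical, and both sample logs are constructed abridgements of the logs posted above.

```python
import re

ENTRY = re.compile(r"^[A-Z]\d{1,2} - ")   # starts an entry: "O4 - ", "O23 - "
PATH = re.compile(r"^[A-Za-z]:\\")        # starts a running-process line
RUN = re.compile(r"^O4 - (?P<where>.+?\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LNK = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Constructed samples, abridged from the logs in this thread; BEFORE_WRAPPED
# keeps the Notepad Word Wrap breaks seen in the first posted log.
BEFORE_WRAPPED = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lphccugj0ena3.exe
C:\Program Files\AXPDefender\AXPDefender.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite

6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe

Gamma Loader.exe
--
End of file
"""
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""


def unwrap(text):
    """Return (section, record) pairs with wrapped lines rejoined."""
    out, section = [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            section, new = "trailer", True
        elif ENTRY.match(line):
            section, new = "entries", True
        elif section == "header":
            new = True
        elif section == "processes":
            new = bool(PATH.match(line))
        else:
            new = False  # in the entry list, a bare path is a wrapped tail
        if new or not out:
            out.append([section, line])
        else:
            out[-1][1] += " " + line
        if line == "Running processes:":
            section = "processes"
    return [tuple(r) for r in out]


def processes(text):
    return [rec for sec, rec in unwrap(text) if sec == "processes"]


def autoruns(text):
    """Set of (location, value name, command) for each O4 autostart entry."""
    found = set()
    for sec, rec in unwrap(text):
        m = RUN.match(rec) or LNK.match(rec)
        if sec == "entries" and m:
            found.add((m["where"], m["name"], m["cmd"]))
    return found


def verify_fix(before, after, names):
    """Per autorun name: was it listed, is it gone, is its binary still running?"""
    was = {name: cmd.lower() for _, name, cmd in autoruns(before)}
    now = {name for _, name, _ in autoruns(after)}
    running = [p.lower() for p in processes(after)]
    report = {}
    for name in names:
        cmd = was.get(name, "")
        report[name] = {
            "listed_before": name in was,
            "autorun_removed": name in was and name not in now,
            "still_running": any(p in cmd for p in running),
        }
    # Second value: autostart entries that appeared only in the later log.
    return report, sorted(autoruns(after) - autoruns(before))
```

The process match is a plain substring test, so an autorun registered with an 8.3 short path (such as `D:\PROGRA~1\...`) will not match the long path shown under running processes and needs a manual look.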

#11
koko_crunch
Now a couple of scans to see if we missed any...

First,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Post back with the following logs.

- MBAM log
- SuperAntispyware log
- DSS log main and extra

#12
Oakie
ok here they are

Malwarebytes' Anti-Malware 1.17
Database version: 856

8:29:38 PM 6/14/2008
mbam-log-6-14-2008 (20-29-38).txt

Scan type: Quick Scan
Objects scanned: 42983
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 12
Files Infected: 149

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Inigo\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inigo\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.

Files Infected:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/14/2008 at 09:51 PM

Application Version : 4.15.1000

Core Rules Database Version : 3482
Trace Rules Database Version: 1473

Scan type : Complete Scan
Total Scan Time : 01:10:19

Memory items scanned : 426
Memory threats detected : 0
Registry items scanned : 5505
Registry threats detected : 0
File items scanned : 17839
File threats detected : 50

Adware.Tracking Cookie
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
ads.adbrite.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
ad1.clickhype.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.tremor.adbureau.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
tremor.adbureau.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.rocku.adbureau.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.secretxxxvideo.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.secretxxxvideo.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.freeadultmedia.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.freeadultmedia.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.nakedonthestreets.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.nakedonthestreets.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.nakedonthestreets.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.nakedonthestreets.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.nakedonthestreets.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.freesexdoor.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.freeporn.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.freeporn.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.freeporn.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.freeporn.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.porn.gonzo-movies.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.porn.gonzo-movies.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.[bleep].dreammovies.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.[bleep].dreammovies.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
.pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.pornorama.com [ C:\Documents and Settings\Inigo\Application Data\Mozilla\Firefox\Profiles\l2e2wloc.default\cookies.txt ]
www.pornorama.com [ C:\Docum
  • 0

#13
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looks like the scan did a lot of good. :)

Next,

Click on Start, then click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.
  • 0

#14
Oakie

    Member

  • Topic Starter
  • Member
  • 11 posts
Yeah, it sure did! I've got no more bugs and no more ugly wallpaper that won't go away. It also cleared a whole bunch of stuff I didn't know I had!

Deckard's System Scanner v20071014.68
Run by Inigo on 2008-06-14 22:43:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 4 Restore Point(s) --
4: 2008-06-15 03:06:39 UTC - RP7 - Deckard's System Scanner Restore Point
3: 2008-06-15 01:38:13 UTC - RP6 - Installed SUPERAntiSpyware Free Edition
2: 2008-06-14 00:22:49 UTC - RP5 - System Checkpoint
1: 2008-06-13 12:40:36 UTC - RP4 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 85% (more than 75%).


-- HijackThis (run as Inigo.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:46 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Avast\aswUpdSv.exe
D:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
D:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\SuperAntiSpy\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Inigo\desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Inigo.exe
C:\WINDOWS\system32\wscntfy.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SuperAntiSpy\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SuperAntiSpy\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6919 bytes

-- HijackThis Fixed Entries (D:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080614-172707-431 O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
backup-20080614-172707-888 O4 - HKLM\..\Run: [lphccugj0ena3] C:\WINDOWS\system32\lphccugj0ena3.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 TVersityMediaServer - d:\program files\tversity\media server\mediaserver.exe

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 5300
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 5300
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 692)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2007-04-19 13:41:36 294912 --a------ D:\Program Files\SuperAntiSpy\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2005-12-06 21:16:30 176128 --a------ D:\Program Files\Window Blinds\WbSrv.dll <Not Verified; Stardock; Stardock WindowBlinds 5.0>
2005-11-28 13:57:10 512090 --a------ D:\Program Files\Window Blinds\wblind.dll <Not Verified; Stardock.Net, Inc; WindowBlinds>
2004-09-18 15:37:00 28740 --a------ D:\Program Files\Window Blinds\wbhelp.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4 for Win32 x86 machines>

C:\WINDOWS\system32\svchost.exe (pid 928)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>

C:\WINDOWS\system32\svchost.exe (pid 1104)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2005-11-28 13:57:10 512090 --a------ D:\Program Files\Window Blinds\wblind.dll <Not Verified; Stardock.Net, Inc; WindowBlinds>
2004-09-18 15:37:00 28740 --a------ D:\Program Files\Window Blinds\wbhelp.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4 for Win32 x86 machines>

C:\WINDOWS\system32\svchost.exe (pid 1144)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>

C:\WINDOWS\explorer.exe (pid 1772)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2004-09-18 15:37:00 28740 --a------ D:\Program Files\Window Blinds\wbhelp.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4 for Win32 x86 machines>
2005-11-28 13:57:10 512090 --a------ D:\Program Files\Window Blinds\wblind.dll <Not Verified; Stardock.Net, Inc; WindowBlinds>
2005-11-02 13:28:26 32768 --a------ D:\Program Files\Window Blinds\tray.dll
2007-06-19 10:49:12 562688 --a------ D:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2007-06-15 12:16:44 659456 --a------ D:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PC Suite Common Modules>
2007-06-05 16:36:34 27648 --a------ D:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.NLR <Not Verified; Nokia; Nokia Phone Browser>
2007-05-04 12:13:28 543744 --a------ D:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.NGR <Not Verified; Nokia; Nokia Phone Browser>
2008-05-13 10:13:36 77824 --a------ D:\Program Files\SuperAntiSpy\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2006-12-03 15:53:06 126464 --a------ D:\WinRar\RarExt.dll

C:\WINDOWS\system32\svchost.exe (pid 1364)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2006-12-11 00:29:24 131072 --a------ C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2006-12-11 00:29:24 184320 --a------ C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2005-11-28 13:57:10 512090 --a------ D:\Program Files\Window Blinds\wblind.dll <Not Verified; Stardock.Net, Inc; WindowBlinds>
2004-09-18 15:37:00 28740 --a------ D:\Program Files\Window Blinds\wbhelp.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4 for Win32 x86 machines>
2007-01-02 23:46:54 225280 --a------ C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2006-12-11 00:29:24 442368 --a------ C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>
2007-01-02 22:40:10 135168 --a------ C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll <Not Verified; Hewlett-Packard Co.; hp digital imaging - hp all-in-one series>

C:\WINDOWS\system32\svchost.exe (pid 792)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2006-11-08 17:35:36 43520 --a------ C:\WINDOWS\system32\HPZinw12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2005-11-28 13:57:10 512090 --a------ D:\Program Files\Window Blinds\wblind.dll <Not Verified; Stardock.Net, Inc; WindowBlinds>
2004-09-18 15:37:00 28740 --a------ D:\Program Files\Window Blinds\wbhelp.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4 for Win32 x86 machines>

C:\WINDOWS\system32\svchost.exe (pid 2208)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2006-11-08 17:35:38 53248 --a------ C:\WINDOWS\system32\HPZipm12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>
2005-11-28 13:57:10 512090 --a------ D:\Program Files\Window Blinds\wblind.dll <Not Verified; Stardock.Net, Inc; WindowBlinds>
2004-09-18 15:37:00 28740 --a------ D:\Program Files\Window Blinds\wbhelp.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4 for Win32 x86 machines>
2006-11-08 17:35:38 49152 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; Hewlett-Packard; Bidi User Mode>

C:\WINDOWS\system32\svchost.exe (pid 2444)
2003-02-26 20:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-03 10:13:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-16 01:40:30 290 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job


-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 20:38:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-14 20:38:14 0 d-------- C:\Documents and Settings\Inigo\Application Data\SUPERAntiSpyware.com
2008-06-14 20:37:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 15:12:14 0 d-------- C:\Documents and Settings\Inigo\Application Data\shcaugj0ena3
2008-06-10 14:57:39 0 d-------- C:\Documents and Settings\Inigo\Application Data\Malwarebytes
2008-06-10 14:57:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 12:03:51 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-05 22:47:51 0 d-------- C:\Documents and Settings\Inigo\Battleground Europe
2008-06-05 22:41:34 200704 --a------ C:\WINDOWS\system32\teulKit.dll
2008-06-05 22:41:34 0 d-------- C:\Program Files\Netscape


-- Find3M Report ---------------------------------------------------------------

2008-06-14 22:43:45 0 d-------- C:\Documents and Settings\Inigo\Application Data\DNA
2008-06-14 22:01:44 0 d-------- C:\Documents and Settings\Inigo\Application Data\uTorrent
2008-06-14 20:37:27 0 d-------- C:\Program Files\Common Files
2008-06-12 21:46:26 0 d-------- C:\Documents and Settings\Inigo\Application Data\.purple
2008-06-10 16:00:11 3442 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 08:37:54 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-08 22:59:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-03 14:50:54 0 d-------- C:\Documents and Settings\Inigo\Application Data\teamspeak2
2008-05-30 15:11:08 0 d-------- C:\Documents and Settings\Inigo\Application Data\GetRightToGo
2008-05-30 13:53:56 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-15 15:12:38 0 d-------- C:\Documents and Settings\Inigo\Application Data\Adobe
2008-05-12 15:58:27 0 d-------- C:\Documents and Settings\Inigo\Application Data\AdobeUM
2008-05-04 18:37:14 0 d-------- C:\Documents and Settings\Inigo\Application Data\Move Networks
2008-04-28 20:10:09 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 15:32:21 0 d-------- C:\Program Files\iPod
2008-04-28 15:29:40 0 d-------- C:\Program Files\QuickTime
2008-04-26 18:02:28 0 d-------- C:\Documents and Settings\Inigo\Application Data\LimeWire
2008-04-22 17:26:07 135162 --a----c- C:\WINDOWS\hpwins10.dat
2008-04-19 11:49:37 0 d-------- C:\Program Files\MSECache


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [06/23/2003 07:32 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 02:19 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 02:07 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [08/18/2003 08:56 PM]
"AGRSMMSG"="AGRSMMSG.exe" [05/23/2003 01:43 PM C:\WINDOWS\AGRSMMSG.exe]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"avast!"="D:\PROGRA~1\Avast\ashDisp.exe" [05/15/2008 06:19 PM]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 10:52 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/27/2007 11:52 PM]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 01:01 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 04:46 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"SUPERAntiSpyware"="D:\Program Files\SuperAntiSpy\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Inigo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 10:40:10 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SuperAntiSpy\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SuperAntiSpy\SASWINLO.dll 04/19/2007 01:41 PM 294912 D:\Program Files\SuperAntiSpy\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
D:\PROGRA~1\WINDOW~1\wbsrv.dll 12/06/2005 09:16 PM 176128 D:\PROGRA~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8711 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-14 22:45:43 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 88%
Physical Memory (total/avail): 511.36 MiB / 57.02 MiB
Pagefile Memory (total/avail): 1250.01 MiB / 670.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.83 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 13.97 GiB total, 5.43 GiB free.
D: is Fixed (NTFS) - 129.07 GiB total, 11.39 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 6.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 129.07 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1201 [VPS 080614-1] v4.8.1201 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="D:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Enabled:tgcmd Module"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\Firefox\\firefox.exe"="D:\\Program Files\\Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Program Files\\Pidgin\\pidgin.exe"="D:\\Program Files\\Pidgin\\pidgin.exe:*:Enabled:Pidgin"
"D:\\Program Files\\TVersity\\Media Server\\TVersity.exe"="D:\\Program Files\\TVersity\\Media Server\\TVersity.exe:*:Enabled:TVersity Media Server"
"D:\\Program Files\\Last.fm\\LastFM.exe"="D:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Space Cowboy\\Res-Voip\\SCVoIP.exe"="D:\\Program Files\\Space Cowboy\\Res-Voip\\SCVoIP.exe:*:Enabled:SCVoIP MFC ?? ????"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"D:\\Program Files\\Eve\\bin\\ExeFile.exe"="D:\\Program Files\\Eve\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"D:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="D:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"
"D:\\Playonline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="D:\\Playonline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"
"D:\\Program Files\\Flysis\\Launcher.atm"="D:\\Program Files\\Flysis\\Launcher.atm:Enabled:GameExe2"
"D:\\Program Files\\Flysis\\Res-Voip\\SCVoIP.exe"="D:\\Program Files\\Flysis\\Res-Voip\\SCVoIP.exe:Enabled:GameVoIP"
"D:\\Program Files\\AirRivals\\Launcher.atm"="D:\\Program Files\\AirRivals\\Launcher.atm:Enabled:GameExe2"
"D:\\Program Files\\AirRivals\\Res-Voip\\SCVoIP.exe"="D:\\Program Files\\AirRivals\\Res-Voip\\SCVoIP.exe:Enabled:GameVoIP"
"D:\\Program Files\\Digsby\\digsby.exe"="D:\\Program Files\\Digsby\\digsby.exe:*:Enabled:Digsby IM"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Battleground Europe\\WW2_sse2.exe"="D:\\Program Files\\Battleground Europe\\WW2_sse2.exe:*:Enabled:WW2"
"C:\\Documents and Settings\\Inigo\\Local Settings\\Temp\\.tt189.tmp"="C:\\Documents and Settings\\Inigo\\Local Settings\\Temp\\.tt189.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Disabled:sysrest32.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Inigo\Application Data
CLASSPATH=.;"C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip";C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Inigo
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Inigo\LOCALS~1\Temp
TMP=C:\DOCUME~1\Inigo\LOCALS~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Inigo
USERPROFILE=C:\Documents and Settings\Inigo
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Inigo (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems AC'97 Modem --> agrsmdel
AirRivals 1.0.0.13 --> "D:\Program Files\AirRivals\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Aspell English Dictionary-0.50-2 --> "D:\Program Files\Aspell\unins001.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> D:\Program Files\Avast\aswRunDll.exe "D:\Program Files\Avast\Setup\setiface.dll",RunSetup
Combined Community Codec Pack 2007-07-22 --> "D:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
ffdshow [rev 1324] [2007-07-01] --> "D:\Program Files\TVersity\ffdshow\unins000.exe"
FINAL FANTASY XI --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
FINAL FANTASY XI: Chains of Promathia --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
FINAL FANTASY XI: Rise of the Zilart --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
FINAL FANTASY XI: Treasures of Aht Urhgan --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD}
GNU Aspell 0.50-3 --> "D:\Program Files\Aspell\unins000.exe"
GTK+ Runtime 2.10.13 rev a (remove only) --> D:\Program Files\Pidgin\uninst.exe
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Officejet All-In-One Series --> C:\Program Files\HP\Digital Imaging\{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}\setup\hpzscr01.exe -datfile hpwscr10.dat
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"d:\program files\hp\Photo Printing\Uninstall.isu" -c"d:\program files\hp\Photo Printing\hpiunPC.dll
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.4.5 Basic --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.1.29527 --> "D:\Program Files\Last.fm\unins000.exe"
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> D:\Program Files\Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_us_web.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsy.inf
OpenMG Secure Module 3.3.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}\Setup.exe" -l0x9 UNINSTALL
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Pidgin --> D:\Program Files\Pidgin\pidgin-uninst.exe
PlayGATE Setup --> D:\PROGRA~1\BATTLE~1\Playgate\UNWISE.EXE D:\PROGRA~1\BATTLE~1\Playgate\INSTALL.LOG
PlayOnline Viewer and Tetra Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
POLUtils --> "D:\Windower (Latest)\POLUtils\uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spybot - Search & Destroy --> "D:\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2 --> "D:\Program Files\Team Speak\unins000.exe"
TVersity Codec Pack 1.1 --> D:\Program Files\TVersity\TVersity Codec Pack\uninst.exe
TVersity Media Server 0.9.10.8a beta --> D:\Program Files\TVersity\Media Server\uninst.exe
TVersity Media Server 0.9.11.3a beta --> D:\Program Files\TVersity\Media Server\uninst.exe
V CAST Music Manager --> D:\VCASTM~1\Setup.exe /remove /q0
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}\setup.exe"
VideoLAN VLC media player 0.8.6d --> D:\Program Files\VLC\uninstall.exe
Videora iPod Converter 3.07 --> D:\Program Files\Videora Converter 3.07\uninstaller.exe
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
WindowBlinds --> D:\PROGRA~1\WINDOW~1\UNWISE.EXE D:\PROGRA~1\WINDOW~1\INSTALL.LOG
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1914 / Error
Event Submitted/Written: 06/14/2008 09:33:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x02bc0002.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1836 / Error
Event Submitted/Written: 06/08/2008 10:47:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x66031a2c.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type1817 / Error
Event Submitted/Written: 06/07/2008 09:00:04 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1816 / Error
Event Submitted/Written: 06/07/2008 06:13:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module firefox.exe, version 1.8.20080.40413, fault address 0x00440d9b.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1802 / Error
Event Submitted/Written: 06/05/2008 00:37:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x0afdc012.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11043 / Error
Event Submitted/Written: 06/14/2008 10:01:55 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type11041 / Warning
Event Submitted/Written: 06/14/2008 09:53:21 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11040 / Warning
Event Submitted/Written: 06/14/2008 09:39:40 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11039 / Error
Event Submitted/Written: 06/14/2008 09:38:05 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event Record #/Type11038 / Error
Event Submitted/Written: 06/14/2008 09:30:53 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-06-14 22:45:43 ------------

#15
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Just a few fixes for now.
Will post back the rest after I completely analyze your log.

Next,

Click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /DAFT
Click on the Scan button.
Select everything it is displaying there
Click the Fix button.
Then rescan with DAFT again - it should say now that "All associations are OK"
Close DAFT if you receive that message.


Then

Right-click on the Avast! icon in your system tray.
Select On-Access Protection Control
Control Window will open. Just click on start then OK.

Finally,

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All then Uncheck All
Place a check on "File Associations" and "Security Center"
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad