[musikman]

Hello folks... my dad gave me his PC for me to clean up for him... unfortunately, it is running EXTREMELY slow and I'm not really sure why.

I uninstalled any and all programs I felt he didn't need since he got this PC from someone who moved and gave it to him as a gift... there was a lot of junk on it and I tried to get rid as much stuff as I could without effecting the major programs I felt he would need, but unfortunately, nothing I did seems to be working.

The following are the utility programs I ran on this PC to try and clean it up and speed it up as much as possible, but as I said, it's still VERY slow:

AVG (antivirus) - FULL system scan
Malwarebytes - FULL system scan
Ad-Aware - FULL system scan
Defragment - Defragmented entire C: drive

Can someone please take a look at this report and let me know what I should do next?? A MILLION thanks in advance!!!

Below is the HijackThis log:

(((((((((( HijackThis Log ))))))))))

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:41 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 216.34.131.135 www.porn.com porn.com
O1 - Hosts: 207.17.52.115 www.sex.com sex.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....=javadl.sun.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 6587 bytes

Edited by musikman, 03 March 2009 - 07:24 PM.

[Advertisements]

Anybody??? please help.

[musikman]

Anybody??? please help.

[andrewuk]

Hello musikman

welcome to geekstogo and sorry to keep you waiting.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review and a new hijackthis log

andrewuk

[musikman]

Thank you for your reply!

Below you will find the ComboFix report for your review.

(((((((((( ComboFix Log ))))))))))

ComboFix 09-03-06.02 - Tom Truong 2009-03-08 5:01:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.97 [GMT -4:00]
Running from: c:\documents and settings\Tom Truong\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tom Truong\Application Data\HbTools
c:\documents and settings\Tom Truong\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
c:\program files\siteicons
c:\windows\system32\ravideo.exe
c:\windows\system32\ture.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-03 19:18 . 2009-03-03 19:18 <DIR> d-------- c:\program files\Trend Micro
2009-03-03 01:54 . 2009-03-03 01:51 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-03 01:54 . 2009-03-03 01:51 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-03 01:51 . 2009-03-03 01:51 <DIR> d-------- c:\program files\Java
2009-03-03 01:03 . 2009-03-07 21:45 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-03 00:56 . 2009-03-03 00:56 <DIR> d-------- c:\program files\Lavasoft
2009-03-03 00:56 . 2009-03-03 00:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-03 00:21 . 2009-03-03 00:41 <DIR> d-------- c:\program files\Auslogics
2009-03-03 00:21 . 2009-03-03 00:42 <DIR> d-------- c:\documents and settings\Tom Truong\Application Data\Auslogics
2009-03-02 23:10 . 2009-03-02 23:10 <DIR> d-------- c:\windows\system32\scripting
2009-03-02 23:09 . 2009-03-02 23:09 <DIR> d-------- c:\windows\system32\en
2009-03-02 23:09 . 2009-03-02 23:09 <DIR> d-------- c:\windows\l2schemas
2009-03-02 21:56 . 2008-12-20 19:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-02 21:56 . 2007-04-17 05:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-02 21:56 . 2007-03-08 01:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-02 21:56 . 2008-12-20 19:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-02 21:56 . 2008-12-20 19:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-02 21:56 . 2008-12-20 19:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-02 21:56 . 2008-12-20 19:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-02 21:56 . 2008-12-20 19:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-02 21:56 . 2008-12-19 05:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-02 20:32 . 2009-03-02 20:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 20:32 . 2009-03-02 20:32 <DIR> d-------- c:\documents and settings\Tom Truong\Application Data\Malwarebytes
2009-03-02 20:32 . 2009-03-02 20:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-02 20:32 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 20:32 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-02 20:10 . 2009-03-03 00:59 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-02 18:17 . 2009-03-04 13:15 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-02 18:08 . 2009-03-07 19:16 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-02 18:08 . 2009-03-02 18:08 <DIR> d-------- c:\program files\AVG
2009-03-02 18:08 . 2009-03-02 18:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-02 18:08 . 2009-03-02 18:08 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-02 18:08 . 2009-03-02 18:08 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-02 18:08 . 2009-03-02 18:08 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-02 18:00 . 2009-03-03 19:18 <DIR> d-------- C:\Setups
2009-03-02 17:36 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-02 17:36 . 2008-08-14 06:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-02 17:36 . 2008-09-15 08:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-03-02 17:35 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-02 17:35 . 2008-08-14 05:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-02 17:31 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-02 17:30 . 2008-12-11 06:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-02 17:28 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 05:36 --------- d-----w c:\program files\MSN Messenger
2009-03-03 05:35 --------- d-----w c:\program files\Windows Live Toolbar
2009-03-02 21:41 --------- d-----w c:\documents and settings\Tom Truong\Application Data\Yahoo!
2009-03-02 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-02 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-03-02 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-03-02 20:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 20:50 --------- d-----w c:\program files\Kodak
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-17 4800512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-02 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-02 18:08 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"aux1"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-03-07 21:45 515416 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-12-05 16:41 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-12-04 08:44 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-02-02 04:41 495616 c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2003-11-12 09:23 49152 c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2008-01-18 10:32 451896 c:\program files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
--a------ 2008-01-08 17:20 451896 c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-02-27 04:07 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-03 01:51 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-03 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-02 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-02 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-02 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-02 298264]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-07 21:45]

2009-03-08 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 14:05]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-gdimx - c:\windows\system32\gdimx.exe
MSConfigStartUp-h3aeb5fo - c:\program files\h3aeb5fo\h3aeb5fo.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-MgXDMt - c:\program files\common files\system\yqo3l3.exe
MSConfigStartUp-MSGRAPH01 - c:\program files\common files\system\en722.exe
MSConfigStartUp-navapp - c:\program files\NavExcel\NavHelper\v2.0.4d\navapp.exe
MSConfigStartUp-pumd - c:\windows\system32\pumd.exe
MSConfigStartUp-ravideo - c:\windows\system32\ravideo.exe
MSConfigStartUp-rradio - c:\program files\common files\system\pbd92c3g.exe
MSConfigStartUp-Spyware-Cop - c:\progra~1\SPYWAR~1\Spyware-Cop.exe
MSConfigStartUp-ture - c:\windows\system32\ture.exe
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - {EAFCCE2B-0048-4045-8FFF-AE08B28C8AE3} -
IE: {{9E4DF170-217F-4658-A11F-590664542B73} - {1DA1B162-9747-4fcb-A98C-6480BA731933} -
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 05:07:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-08 5:14:07
ComboFix-quarantined-files.txt 2009-03-08 09:13:41

Pre-Run: 17,756,577,792 bytes free
Post-Run: 18,388,549,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

203 --- E O F --- 2009-03-08 08:04:22

[musikman]

Sorry... here's the "NEW" HighjackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:50 AM, on 3/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 216.34.131.135 www.porn.com porn.com
O1 - Hosts: 207.17.52.115 www.sex.com sex.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....=javadl.sun.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 6071 bytes

Edited by musikman, 08 March 2009 - 09:57 AM.

[andrewuk]

====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: 216.34.131.135 www.porn.com porn.com
O1 - Hosts: 207.17.52.115 www.sex.com sex.com

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E4DF170-217F-4658-A11F-590664542B73}]

Domains::

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



====STEP 3====
lets also make sure your hosts file is clean:

• Open HiJackThis
• Click on the "Config..." button on the bottom right. Click on the tab "Misc Tools" . . . . . or click on ""Open the misc Tools section"
• Check off the 2 boxes next to the Box that says "Generate StartupList log"
• Click on the button "Generate StartupList log"
• Copy and past the StartupList from the notepad into your next post

the log may be too long to copy and paste, it so, could you attach the log to your reply:

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

In your next reply could i see:
1. the combofix log
2. a new hijackthis log
3. the hosts file log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

[musikman]

(((((((((( ComboFix Log ))))))))))

ComboFix 09-03-06.02 - Tom Truong 2009-03-08 14:31:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.72 [GMT -4:00]
Running from: c:\documents and settings\Tom Truong\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom Truong\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-03 19:18 . 2009-03-03 19:18 <DIR> d-------- c:\program files\Trend Micro
2009-03-03 01:54 . 2009-03-03 01:51 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-03 01:54 . 2009-03-03 01:51 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-03 01:51 . 2009-03-03 01:51 <DIR> d-------- c:\program files\Java
2009-03-03 01:03 . 2009-03-07 21:45 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-03 00:56 . 2009-03-03 00:56 <DIR> d-------- c:\program files\Lavasoft
2009-03-03 00:56 . 2009-03-03 00:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-03 00:21 . 2009-03-03 00:41 <DIR> d-------- c:\program files\Auslogics
2009-03-03 00:21 . 2009-03-03 00:42 <DIR> d-------- c:\documents and settings\Tom Truong\Application Data\Auslogics
2009-03-02 23:10 . 2009-03-02 23:10 <DIR> d-------- c:\windows\system32\scripting
2009-03-02 23:09 . 2009-03-02 23:09 <DIR> d-------- c:\windows\system32\en
2009-03-02 23:09 . 2009-03-02 23:09 <DIR> d-------- c:\windows\l2schemas
2009-03-02 21:56 . 2008-12-20 19:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-02 21:56 . 2007-04-17 05:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-02 21:56 . 2007-03-08 01:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-02 21:56 . 2008-12-20 19:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-02 21:56 . 2008-12-20 19:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-02 21:56 . 2008-12-20 19:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-02 21:56 . 2008-12-20 19:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-02 21:56 . 2008-12-20 19:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-02 21:56 . 2008-12-19 05:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-02 20:32 . 2009-03-02 20:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 20:32 . 2009-03-02 20:32 <DIR> d-------- c:\documents and settings\Tom Truong\Application Data\Malwarebytes
2009-03-02 20:32 . 2009-03-02 20:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-02 20:32 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 20:32 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-02 20:10 . 2009-03-03 00:59 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-02 18:17 . 2009-03-08 12:15 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-02 18:08 . 2009-03-07 19:16 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-02 18:08 . 2009-03-02 18:08 <DIR> d-------- c:\program files\AVG
2009-03-02 18:08 . 2009-03-08 14:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-02 18:08 . 2009-03-02 18:08 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-02 18:08 . 2009-03-02 18:08 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-02 18:08 . 2009-03-02 18:08 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-02 18:00 . 2009-03-03 19:18 <DIR> d-------- C:\Setups
2009-03-02 17:36 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-02 17:36 . 2008-08-14 06:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-02 17:36 . 2008-09-15 08:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-03-02 17:35 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-02 17:35 . 2008-08-14 05:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-02 17:31 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-02 17:30 . 2008-12-11 06:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-02 17:28 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 05:36 --------- d-----w c:\program files\MSN Messenger
2009-03-03 05:35 --------- d-----w c:\program files\Windows Live Toolbar
2009-03-02 21:41 --------- d-----w c:\documents and settings\Tom Truong\Application Data\Yahoo!
2009-03-02 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-02 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-03-02 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-03-02 20:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 20:50 --------- d-----w c:\program files\Kodak
.

((((((((((((((((((((((((((((( SnapShot@2009-03-08_ 5.10.47.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-08 08:47:22 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-08 09:28:41 39,992 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-08 08:47:22 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-08 09:28:41 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-08 09:23:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_198.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-17 4800512]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-02 18:08 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"aux1"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-03-07 21:45 515416 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-03-02 18:08 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-12-05 16:41 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-12-04 08:44 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-02-02 04:41 495616 c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2003-11-12 09:23 49152 c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2008-01-18 10:32 451896 c:\program files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
--a------ 2008-01-08 17:20 451896 c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-02-27 04:07 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-03 01:51 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-03 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-02 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-02 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-02 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-02 298264]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-07 21:45]

2009-03-08 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 14:36:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-08 14:41:14
ComboFix-quarantined-files.txt 2009-03-08 18:40:59
ComboFix2.txt 2009-03-08 09:14:14

Pre-Run: 18,388,434,944 bytes free
Post-Run: 18,373,513,216 bytes free

181 --- E O F --- 2009-03-08 08:04:22

Edited by musikman, 08 March 2009 - 12:50 PM.

[musikman]

(((((((((( HijackThis Log ))))))))))

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:35 PM, on 3/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....=javadl.sun.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 5729 bytes

[musikman]

(((((((((( Host File Log ))))))))))

StartupList report, 3/8/2009, 2:45:05 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16791)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Tom Truong\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
MSConfig = C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Ad-Aware Update (Weekly).job
HP Usg Daily.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Java Plug-in 1.6.0_12]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...t/ultrashim.cab

[Java Plug-in 1.6.0_12]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_12]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_12.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Free8 E-mail Scanner: C:\PROGRA~1\AVG\AVG8\avgemc.exe (autostart)
AVG Free8 WatchDog: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (autostart)
AVG Free AVI Loader Driver x86: \SystemRoot\System32\Drivers\avgldx86.sys (system)
AVG Free On-access Scanner Minifilter Driver x86: \SystemRoot\System32\Drivers\avgmfx86.sys (system)
AVG Free8 Network Redirector: \SystemRoot\System32\Drivers\avgtdix.sys (system)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative SBLive! Gameport: System32\DRIVERS\ctljystk.sys (manual start)
Kodak Camera Proxy: System32\DRIVERS\DcCam.sys (system)
DcFpoint: System32\DRIVERS\DcFpoint.sys (manual start)
Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)
Legacy Polling Service: System32\DRIVERS\DcLps.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
dcptp: System32\DRIVERS\DcPTP.sys (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver: System32\DRIVERS\DM9PCI5.SYS (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
ElbyVCD: System32\DRIVERS\ElbyVCD.sys (system)
Creative SB Live! (WDM): system32\drivers\emu10k1m.sys (manual start)
Creative Interface Manager Driver (WDM): system32\drivers\ctlfacem.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Exportit: System32\DRIVERS\exportit.sys (system)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HSFHWBS2: System32\DRIVERS\HSFBS2S2.sys (manual start)
HSF_DP: System32\DRIVERS\HSFDPSP2.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lavasoft Ad-Aware Service: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" (autostart)
Lbd: system32\DRIVERS\Lbd.sys (system)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Logitech USB Monitor Filter: system32\drivers\LVUSBSta.sys (manual start)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pure Networks Net2Go Service: "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (manual start)
Pure Networks Platform Service: "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Volume Adapter: system32\DRIVERS\lv302af.sys (manual start)
Logitech QuickCam IM(PID_PEPI): system32\DRIVERS\LV302V32.SYS (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
Pure Networks Device Discovery Driver: system32\DRIVERS\pnarp.sys (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Pure Networks Wireless Driver: system32\DRIVERS\purendis.sys (autostart)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Creative SoundFont Manager Driver (WDM): system32\drivers\sfmanm.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
spkrmon: C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{08605641-7275-4A94-A4B0-66E24B083DAC} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSFCXTS2.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\test0123 => C:\Qoobox\Quarantine\C\MoveEx_test0123.vir|||

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 35,165 bytes
Report generated in 0.391 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[andrewuk]

oops, my fault, wrong part of the hijackthis section . . . . . .

• Open HiJackThis
• Click on the "Config..." button on the bottom right and Click on the tab "Misc Tools" . . . . . or click on ""Open the misc Tools section"
• Click on "Open Hosts File Manager"
• when the list has been populated click on "Open in notepad"
• Copy and past the log from the notepad into your next post

it may be too long to paste, so you may have to attach it:

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

andrewuk

[musikman]

I don't know if this seems right, but I followed your steps above and this is what I got:


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Edited by musikman, 08 March 2009 - 01:33 PM.

[andrewuk]

that looks good.

in this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

the scans will likely take 4 hours, quite possibly much longer. so just let them run.


====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 2====
we will update and re-run your malwarebytes:

double click the malwarebytes icon on your desktop to open the program

• on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
• once complete (a new version of malwarebytes may download) select the tab Scanner
• select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

====STEP 4====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 12.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")

In your next reply could i see:
1. the malwarebytes log
2. the superantispyware log
3. the kaspersky log
4. a new hijackthis log
5. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

[musikman]

(((((((((( Super Antispyware Log ))))))))))

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/09/2009 at 00:37 AM

Application Version : 4.25.1014

Core Rules Database Version : 3788
Trace Rules Database Version: 1745

Scan type : Complete Scan
Total Scan Time : 00:50:30

Memory items scanned : 392
Memory threats detected : 0
Registry items scanned : 4726
Registry threats detected : 0
File items scanned : 19876
File threats detected : 311

Adware.Tracking Cookie
data.coremetrics.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
servedby.advertising.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
sec1.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
sec1.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.bizrate.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.bizrate.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.bizrate.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.bizrate.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
ad.zanox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
anat.tacoda.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.maxserving.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
media.hotels.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.linksynergy.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.linksynergy.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
counter.hitslink.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.keywordmax.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.phg.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-summitprojects.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.buycom.122.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
citi.bridgetrack.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.qnsr.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.qnsr.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.qnsr.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.cbs.112.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.americanexpress.122.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.paypal.112.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wjk4khdzghq.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.icc.intellisrv.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wfloeodzmlp.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.dealnews.122.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-bestbuy.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-bestbuy.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
stats.manticoretechnology.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wfliehazoao.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.nextstat.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.nextstat.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.nextstat.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.nextstat.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.nextstat.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-tigerdirect2.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.as-us.falkag.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.creditpaymentservices.122.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ad101com.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wjl4cjajmkp.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wjmiugczwfp.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
pt.crossmediaservices.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wjnysidpslq.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wflokkdjsfo.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wfkysoazwhq.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wgkyekajwap.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wjkoegdjwgq.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.e-2dj6wfmiomczwho.stats.esomniture.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.sexxyeyes.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.sexxyeyes.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
image.masterstats.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.webpower.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.z1.adserver.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.z1.adserver.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.saksfifthavenue.122.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ehg-newegg.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.ford.112.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\huho8g4c.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
www.burstnet.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
tag.adknowledge.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.videoegg.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.traffic.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
my.traffic.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.traffic.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.traffic.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
www.traffic.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adbureau.traffic.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
data.coremetrics.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.consumergain.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.consumergain.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.traveladvertising.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.trvlnet.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adserver.adtechus.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ezgds.112.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.richmedia.yahoo.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.mediabuys.yourdegree.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.mediabuys.yourdegree.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ehg-verizon.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ehg-verizon.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ehg-verizon.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.leapfrogonline.112.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
anat.tacoda.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.nextag.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.beautyencounter.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
www.beautyencounter.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
www.beautyencounter.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.imeem.112.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.discounttiredirect.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.discounttiredirect.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
www.discounttiredirect.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.discounttire.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.discounttire.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
www.discounttire.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.discounttire.122.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.microsoftwindows.112.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.coolsavings.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.coolsavings.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.qinteractive.112.2o7.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ehg-applevac.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.clickauditor.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ehg-accuweather.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ehg-lgusa.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.backlinxxx.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.backlinxxx.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.backlinxxx.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.adservingml.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
oas.adservingml.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
.ehg-advertisementbv.hitbox.com [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Tom Truong\Application Data\Mozilla\Firefox\Profiles\t1dysgez.alex\cookies.txt ]

[andrewuk]

looks like superantispyware log was too long and got cut off, and i am guessing therefore cut off the other logs? seems it may have only found cookies though.

this is going to be a bore i know, but could you paste the other logs in a reply . . . . . . . the bore bit is that you may need to re-run them. i would stick to one log per reply in case they are too long.

andrewuk

[musikman]

Hey Andrew... thanks for all your help so far!

I will post the test results as soon as I'm done running them... had to restart KasperSky a couple of times because it would start scanning and then it would get hung up at around 96%, so I'm currently running another scan, but as I said, as soon as I'm done running all the scans I'll post them again and I'll make sure that they don't get cut-off.