
tt5.tmp.vbs script file not found error HELP HELP PLZ!

Discussion in 'Windows - Virus and spyware problems' started by izzo62, Jun 21, 2008.

  1. izzo62

    izzo62 Member

    Out of nowhere I started getting a blue screen telling me there is a problem and something in programmer lingo. I can still do everything normally sort of but it keeps acting like I'm gonna crash. And I get the script message. Also my desktop background is just a bright blue now for some reason. I would really appreciate the help.


    Thanks 4 reading.
     
  2. 2oldGeek

    2oldGeek Active member

    Hi izzo62,

    Let’s first do a generic cleanup and get some Logs so your problems can be analyzed…


    Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

    Please download and install SUPERAntiSpyware Free
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
    • Under the "Configuration and Preferences", click the Preferences... button.
    • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
    • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.

    • Click the "Close" button to leave the control center screen and exit the program.
    Do not run a scan just yet.
    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

    Scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.

    • Click Close to exit the program.

    Reboot to Normal Mode


    Download and Run HijackThis
    Download HJTInstall.exe to your Desktop.
    • Double-click HJTInstall.exe to install it.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    Copy/Paste the log to your next reply please.

    Please reply with the HJT Log and SUPERAntiSpyware Log and we’ll go from there…..


    2OG
     
  3. bishaym

    bishaym Member

    Hi,

    I'm also having the EXACT same problem that started yesterday. PLEASE HELP!! I followed the directions in this post, the logs are listed below. Even after following instructions, I'm having the same problems...my computer seems to run fine but I'm having the following issues:

    1. My wallpaper went to a blue screen that says "warning spyware has been detected on your computer" (which I can't change)
    2. "Malware Protector 2008" keeps trying to run a scan and wants me to buy their stuff.
    3. When my screensaver kicks in, a version of the blue screen of death pops up (I press esc and it goes away)
    4. Upon reboot I get a pop-up of something called "BlueScreen Screen Saver Configure" with an advertisement from Sysinternals.
    5. Every time I reboot I get the message "Can not find script file "C:\Documents and Settings\[Name]\Local Settings\Temp\.tt1.tmp.vbs"
    ------------------------------------
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/22/2008 at 01:33 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3469
    Trace Rules Database Version: 1478

    Scan type : Complete Scan
    Total Scan Time : 02:57:30

    Memory items scanned : 152
    Memory threats detected : 0
    Registry items scanned : 6023
    Registry threats detected : 277
    File items scanned : 108933
    File threats detected : 34

    Adware.Avenue Media
    [Mkmpme] C:\PROGRAM FILES\NGNXU\IBKP.EXE
    C:\PROGRAM FILES\NGNXU\IBKP.EXE
    [Internet Optimizer] C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE

    IEDriver (Cydoor) Stealth Redirector
    [iedriver] C:\WINDOWS\SYSTEM32\IEDRIVER.EXE
    C:\WINDOWS\SYSTEM32\IEDRIVER.EXE

    Trojan.Downloader-WinMedia
    [Winsvr] C:\WINDOWS\CPU5632.EXE
    C:\WINDOWS\CPU5632.EXE

    Adware.IST/ISTBar (Slotch Bar)
    C:\Program Files\ISTBar\istbar.dll
    C:\Program Files\ISTBar
    HKU\S-1-5-21-849902339-1739560297-3031995086-1006\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

    Adware.Avenue Media/Internet Optimizer
    C:\Program Files\Internet Optimizer\actalert.exe
    C:\Program Files\Internet Optimizer\update\actalert.exe
    C:\Program Files\Internet Optimizer\update\optimize311.exe
    C:\Program Files\Internet Optimizer\update\optimize312.exe
    C:\Program Files\Internet Optimizer\update\optimize313.exe
    C:\Program Files\Internet Optimizer\update\optimize314.exe
    C:\Program Files\Internet Optimizer\update\rogue.exe
    C:\Program Files\Internet Optimizer\update
    C:\Program Files\Internet Optimizer
    HKU\S-1-5-21-849902339-1739560297-3031995086-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

    Adware.MyWay

    Rogue.Malware Protector 2008
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
    C:\Documents and Settings\Username\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk

    Adware.Tracking Cookie
    .tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .kelleybluebook.112.2o7.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .247realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .questionmarket.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .questionmarket.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .questionmarket.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .questionmarket.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .questionmarket.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .questionmarket.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    ads.revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .revsci.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .imrworldwide.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .imrworldwide.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .insightexpressai.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ads.pointroll.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    web4.realtracker.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ehg-accenture.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ehg-accenture.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ehg-accenture.hitbox.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .macombcountymi.gov [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .macombcountymi.gov [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adopt.specificclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    anad.tacoda.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .casalemedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .dmtracker.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .ad.yieldmanager.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .zedo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adultfriendfinder.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adultfriendfinder.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adultfriendfinder.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adultfriendfinder.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .richmedia.yahoo.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .nextag.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .nextag.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .mediaplex.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .mediaplex.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .mediaplex.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .interclick.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    sales.liveperson.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    sales.liveperson.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    sales.liveperson.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .edge.ru4.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .edge.ru4.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adtech.de [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    www.googleadservices.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .fastclick.net [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    media.adrevolver.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .network.realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .realmedia.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .burstnet.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    .burstnet.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    www.burstnet.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]
    www.burstbeacon.com [ C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\xlw82cyf.default\cookies.txt ]

    Adware.Unknown Origin
    C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQD\CLASS-BARREL
    C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQD\VOCABULARY

    Trojan.Unknown Origin
    C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQL.EXE

    Trojan.Downloader-Gen
    C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQP.EXE

    Adware.180solutions/Seekmo/Zango
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000196.EXE

    Trojan.WinSoftware/WinFixer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000762.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000764.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5_0001_MNINETINSTALLER.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5_0001_N56M0311NETINSTALLER.EXE

    Adware.180solutions/Search Assistant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0001139.DLL

    Trojan.ErrorSafe
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UERS_9999_N91S2507NETINSTALLER.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\UERS_9999_N91S2507NETINSTALLER.EXE

    --------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:49:58, on 6/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\basfipm.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\lphcv6pj0erd1.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\WScript.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\shcp6pj0erd1\shcp6pj0erd1.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [lphcv6pj0erd1] C:\WINDOWS\system32\lphcv6pj0erd1.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [bascstray] BascsTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SMshcp6pj0erd1] C:\Program Files\shcp6pj0erd1\shcp6pj0erd1.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SMrhcr6pj0erd1] C:\Program Files\rhcr6pj0erd1\rhcr6pj0erd1.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Zinaps2008] "C:\Documents and Settings\Username\Application Data\Zinaps2008\Zinaps.exe" /MIN
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: Palm Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://primis.ebrary.com/support/plugins/ebraryRdr.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcast.net/anon.comcastonline2/onleng/downloads/VideoMail/vmLauncher2.cab
    O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file://C:\Documents and Settings\Username\Desktop\MRI\vwr_data\WebVwr.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 13856 bytes
     
    Last edited: Jun 22, 2008
  4. 2oldGeek

  5. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hi bishaym

    In your HijackThis log, please fix the following entries:

    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [lphcv6pj0erd1] C:\WINDOWS\system32\lphcv6pj0erd1.exe
    O4 - HKLM\..\Run: [SMshcp6pj0erd1] C:\Program Files\shcp6pj0erd1\shcp6pj0erd1.exe
    O4 - HKLM\..\Run: [SMrhcr6pj0erd1] C:\Program Files\rhcr6pj0erd1\rhcr6pj0erd1.exe

    You will also have to do the instructions which 2oldgeek suggested in safe mode. Please note that the name of files and folders like "shcp6pj0erd1" are not fixed, and will vary to other names like rhcr6pj0erd1. You have to be flexible.

    In other cases, I have noted that the Desktop and Screensaver tab in Display Properties disappear. To reenable this, download this fix and apply it in normal mode. http://www.kellys-korner-xp.com/regs_edits/desktoptab.reg

    Here are other websites which also contain instructions on the removal of Malware Protector 2008. Altogether, they should provide enough information on the complete removal of Malware Protector.

    http://www.2-spyware.com/remove-malware-protector-2008.html
    http://www.spyware-techie.com/malware-protector-2008-removal-guide/
    http://www.precisesecurity.com/threats/malwareprotector2008/

    Best Regards :D
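
The point in the post above, that the random-looking names vary from machine to machine, can be turned into a triage check: instead of matching fixed names, look for autostart entries whose executables share a long random tail. This is an added example, not part of the original thread or of HijackThis; the function names, the suffix length threshold and the letter-plus-digit rule are assumptions chosen for illustration, and the sample lines are O4 entries copied from the log posted earlier in the thread.

```python
import ntpath
import re
from collections import defaultdict

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [lphcv6pj0erd1] C:\WINDOWS\system32\lphcv6pj0erd1.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SMshcp6pj0erd1] C:\Program Files\shcp6pj0erd1\shcp6pj0erd1.exe
O4 - HKLM\..\Run: [SMrhcr6pj0erd1] C:\Program Files\rhcr6pj0erd1\rhcr6pj0erd1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK.+?)\\(Run\w*): \[(.+?)\] (.+)$")
# The executable is either quoted, or an unquoted path (possibly containing
# spaces) that ends at the first executable extension.
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|scr|com|bat|dll))(?=\s|$)', re.I)


def parse_o4(log):
    """Return one dict per O4 registry Run entry found in the log text."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        pm = PATH_RE.match(command)
        if not pm:
            continue
        path = pm.group(1) or pm.group(2)
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        entries.append({"hive": hive, "key": key, "name": name,
                        "path": path, "stem": stem})
    return entries


def common_suffix(a, b):
    """Longest string that both a and b end with."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return a[len(a) - n:]


def shared_suffix_clusters(entries, min_len=6):
    """Group executable names that end in the same long letter+digit tail.

    Assumption: a shared tail of min_len or more characters mixing letters
    and digits marks names generated from one random seed. Tails made only
    of letters ("helper", "service") are ignored to limit false positives.
    """
    clusters = defaultdict(set)
    stems = sorted({e["stem"] for e in entries})
    for i, a in enumerate(stems):
        for b in stems[i + 1:]:
            tail = common_suffix(a, b)
            if (len(tail) >= min_len and re.search(r"\d", tail)
                    and re.search(r"[a-z]", tail)):
                clusters[tail].update((a, b))
    return dict(clusters)


def suspicious_entries(log):
    """Autostart entries whose executable belongs to a shared-tail cluster."""
    entries = parse_o4(log)
    flagged = set()
    for members in shared_suffix_clusters(entries).values():
        flagged |= members
    return [e for e in entries if e["stem"] in flagged]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG):
        print(f'{e["hive"]}\\{e["key"]}: [{e["name"]}] {e["path"]}')
```

The check needs at least two related entries in the same log, and it does not cover fixed-name entries such as the `[sais]` line, which still have to be matched by name.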
     
  6. 2oldGeek

  7. cdavfrew

    Hey 2oldgeek.

    You might want to check those websites out: many antivirus vendors I know link to them, and they are definitely not bad websites. I search through all the malware databases involving malicious websites and find nothing concerning those websites.... In fact, MRU actually has links to those websites!

    Best Regards :D
     
    Last edited: Jun 23, 2008
  8. 2oldGeek

    Hey cdavfrew, I didn’t say they were Bad sites. I said they had Links to bad sites and were Banned in MY Host file…… As I have told you, I have over 300.000 sites in my Host file…. That may be paranoia, but it keeps me clean. Clean, but difficult to research anything without turning the Host file off and using Returnil…… LOL
     
  9. bishaym

    2oldgeek/cdavfrew:

    Thank you both for your input, the link to get back my background/wallpaper options was especially useful. I think I was successful in removing all the files.

    Do either of you have any recommendations of what to use to stop this from happening again, or at least try to stop it?

    Once again, thanks to you both.
     
  10. 2oldGeek

    You're very welcome, bishaym.

    Hope it all works out for you, if not just give a holler………..

    Have a “Happy”

    2OG
     
  11. cdavfrew

    Yes, you're welcome bishaym. I do wonder what happened to izzo62 :p

    As for preventing such a case again, here are a few tips as to how:

    1. Malware can take advantage of exploits in outdated versions of Java. Updating your Java is a great way of defense.

    2. Good antimalware is always needed. Antivir and Superantispyware are my recommendation, whether you want them paid or free, as they surpass most in detection and speed. Make sure to scan every file you download before opening it.

    3. A secure browsing experience is the best browsing experience. Make sure your browser is always fully updated, and if you want, editing your hosts file to block the bad sites is always good as well. MVPS is a free way to do that.

    These are just the basics on how to block most malware. There are other ways as well, such as firewalls, HIPS, etc etc. Read about them if you want, and apply it accordingly. Also remember to be cautious before trusting any product, as people can be tricked into downloading rogue antimalwares like Malware Protector.

    Best Regards :D
     
  12. 2oldGeek

    cdavfrew,

    Take the time to read my signature…… LOL
     
  13. cdavfrew

    Haha, well, even though experience does give knowledge that reading does not, reading gives comfort that experience does not. :)

    Best Regards :D
     
  14. 2oldGeek

    Good judgment comes from experience and experience comes from a Lot of Bad judgment………………..
     
  15. ohnoez

    ohnoez Member

    Joined:
    Jun 28, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Hello, this same thing happened to me today. I've followed the instructions provided so far, so I'm pasting my logs in hopes that someone could help me get rid of this as well! The spyware scan itself took almost 6 hours, so as you can imagine this has me really frustrated. Thanks so much for any help.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/28/2008 at 09:41 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3493
    Trace Rules Database Version: 1484

    Scan type : Complete Scan
    Total Scan Time : 05:50:32

    Memory items scanned : 170
    Memory threats detected : 0
    Registry items scanned : 4832
    Registry threats detected : 90
    File items scanned : 148380
    File threats detected : 25

    Adware.Avenue Media/Internet Optimizer
    HKLM\Software\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
    HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
    HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
    HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32
    HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32#ThreadingModel
    HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\ProgID
    HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\Programmable
    HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\TypeLib
    HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\VersionIndependentProgID
    C:\WINDOWS\NEM220.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#Comment
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#DComment
    HKU\S-1-5-21-1729645872-1724147199-1570633615-1007\SOFTWARE\Policies\Avenue Media
    HKLM\SOFTWARE\Policies\Avenue Media

    www.mx-targeting
    HKLM\Software\Classes\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}
    HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}
    HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}
    HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\InprocServer32
    HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\InprocServer32#ThreadingModel
    HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\ProgID
    HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\Programmable
    HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\TypeLib
    HKCR\CLSID\{0000607D-D204-42C7-8E46-216055BF9918}\VersionIndependentProgID
    C:\WINDOWS\MXTARGET.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000607D-D204-42C7-8E46-216055BF9918}

    Adware.IE Plugin Variant
    HKLM\Software\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
    HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
    HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
    HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\InprocServer32
    HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\ProgID
    HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\Programmable
    HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\TypeLib
    HKCR\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}\VersionIndependentProgID
    C:\WINDOWS\SYSTB.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}

    Browser Hijacker.Srng/ShopNav
    HKLM\Software\Classes\CLSID\{14b3d246-6274-40b5-8d50-6c2ade2ab29b}
    HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}
    HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}
    HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\InprocServer32
    HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\InprocServer32#ThreadingModel
    HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\ProgID
    HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\Programmable
    HKCR\CLSID\{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}\VersionIndependentProgID
    C:\PROGRAM FILES\SRNG\SNHELPER.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14b3d246-6274-40b5-8d50-6c2ade2ab29b}

    Spyware.WebSearch (WinTools/HuntBar)
    HKLM\Software\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
    HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
    HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
    HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32
    HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32#ThreadingModel
    C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLST.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
    C:\Program Files\Common Files\WinTools\iwuivj.wzg
    C:\Program Files\Common Files\WinTools\WToolsT.dll
    C:\Program Files\Common Files\WinTools

    Adware.IST/ISTBar (Slotch Bar)
    HKU\S-1-5-21-1729645872-1724147199-1570633615-1007\Software\IST
    C:\UNZIPPED\LIMEWIRE PRO\SETUP.EXE

    Adware.WebNexus
    HKU\S-1-5-21-1729645872-1724147199-1570633615-1007\Software\intexp

    Adware.TargetSavers
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString

    Adware.IEPlugin
    HKCR\Remove

    Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-1729645872-1724147199-1570633615-1007\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://www.2020search.com/search/9884/search.html ]

    Adware.MyWay
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0\win32
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\FLAGS
    HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\HELPDIR
    HKLM\Software\MyWay
    HKLM\Software\MyWay\myBar
    HKLM\Software\MyWay\myBar#Dir
    HKLM\Software\MyWay\myBar#ShzmCurInstall
    HKLM\Software\MyWay\myBar#pid
    HKLM\Software\MyWay\myBar#strings
    HKLM\Software\MyWay\myBar#CurInstall
    HKLM\Software\MyWay\myBar#sr
    HKLM\Software\MyWay\myBar#Id
    HKLM\Software\MyWay\myBar#Build
    HKLM\Software\MyWay\myBar#CacheDir
    HKLM\Software\MyWay\myBar#HistoryDir
    HKLM\Software\MyWay\myBar#Visible
    HKLM\Software\MyWay\myBar#SettingsDir
    HKLM\Software\MyWay\myBar#ConfigRevision
    HKLM\Software\MyWay\myBar#ConfigRevisionURL
    HKLM\Software\MyWay\myBar#ConfigDateStamp
    HKLM\Software\MyWay\myBar#Maximized
    HKLM\Software\MyWay\myBar\partner
    HKLM\Software\MyWay\myBar\partner#bitmap
    HKLM\Software\MyWay\myBar\partner#name
    HKLM\Software\MyWay\myBar\partner#test
    HKLM\Software\MyWay\myBar\partner#PM-Home
    HKLM\Software\MyWay\myBar\partner#PM-Points
    HKLM\Software\MyWay\myBar\partner#PM-Redeem
    HKLM\Software\MyWay\myBar\partner#PM-Wallet
    HKLM\Software\MyWay\myBar\partner#PM-Settings

    Adware.BargainBuddy/NaviSearch
    C:\Program Files\BullsEye Network

    Spyware.ShopNav
    C:\Program Files\Srng\SRNG.LOCK
    C:\Program Files\Srng

    Adware.Unknown Origin
    C:\PROGRAM FILES\COMMON FILES\IFOQ\IFOQD\CLASS-BARREL
    C:\PROGRAM FILES\COMMON FILES\IFOQ\IFOQD\VOCABULARY

    Spyware.ShopNav-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1303\A0228677.EXE

    Adware.BetterInternet
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1303\A0228678.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1303\A0228681.EXE

    NotHarmful.Sysinternals Bluescreen Screen Saver
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1303\A0228687.SCR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1304\A0228694.SCR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1304\A0228703.SCR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1304\A0228719.SCR
    C:\WINDOWS\SYSTEM32\BLPHCNTJJ0ECCL.SCR

    Adware.eXactAdvertising-Installer
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUNUNINSTALL.EXE
    C:\WINDOWS\SYSTB.EXE

    TargetSaver, Inc. Process
    C:\WINDOWS\SYSTEM32\TSUNINST.EXE






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:56:43 PM, on 6/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\Program Files\Netopia\C3kWepN.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\lphcntjj0eccl.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lphcntjj0eccl] C:\WINDOWS\system32\lphcntjj0eccl.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.2.14/applet/addiction/addiction-en_US.cab
    O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.3.19/applet/platespinner/platespinner-en_US.cab
    O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.4.7/applet/firstclass2/firstclass2-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fancy/fancy-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.1.17/applet/mahjong2/mahjong2-en_US.cab
    O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.3.15/applet/safari/safari-en_US.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/waterwheel/waterwheel-en_US.cab
    O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.0.1.7/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game3.pogo.com/v/9.0.2.13/applet/tumbee2/tumbee2-en_US.cab
    O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/worldclass/worldclass-en_US.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c5.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/peggle/popcaploader_v10_en.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 12030 bytes
     
  16. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hi ohnoez

    Just because you have the same symptoms, it doesn't mean that you have the same problem, which is why you shouldn't follow steps listed in any thread if it isn't directed to you.

    I see a trace of Malware Protector 2008 on your system. That was the problem of other victims.

    First of all, do the scan again in safe mode, and quarantine all results. Post the scan log here again, unless you have done so already.

    Fix the following entries in HijackThis (in normal mode)

    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [lphcntjj0eccl] C:\WINDOWS\system32\lphcntjj0eccl.exe

    Next, follow Ltangel's instructions on downloading and running Combofix in this thread: http://forums.afterdawn.com/thread_view.cfm/639221 Post the log here. Do so in normal mode.

    Best Regards :D
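
Added example, not part of the original posts and not the helper's own method: a small Python triage pass over HijackThis lines that marks entries for review when they carry a dangling-file marker, a Run target with no drive letter, or a file name that overlaps a path reported in the SUPERAntiSpyware logs in this thread. The three heuristics, the function names and the 8-character overlap threshold are assumptions made for this illustration; the sample lines and paths are copied from the logs on this page.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Sample input: a subset of lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lphcntjj0eccl] C:\WINDOWS\system32\lphcntjj0eccl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

# Paths reported in the SUPERAntiSpyware logs in this thread (copied from the page).
SCANNER_HITS = [
    r"C:\WINDOWS\SYSTEM32\BLPHCNTJJ0ECCL.SCR",
    r"C:\WINDOWS\SYSTEM32\PHCNTJJ0ECCL.BMP",
]

ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.+)$")
# Matches the O4 registry form, e.g.  HKLM\..\Run: [name] command line
RUN_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$|")', re.I)


def target_path(cmd):
    """Return the program path from a Run command line (quoted or unquoted)."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0]  # no known extension: fall back to the first token


def stem(path):
    """Lower-cased file name without directory or extension."""
    return splitext(basename(path))[0].lower()


def related(a, b, min_len=8):
    """True when the shorter name is contained in the longer one.

    min_len (an assumption) keeps short names such as 'hkcmd' from matching by accident.
    """
    short, long_ = sorted((a, b), key=len)
    return len(short) >= min_len and short in long_


def triage(log, scanner_hits):
    """Return (code, label, reasons) for every entry worth a manual look."""
    hit_stems = [stem(p) for p in scanner_hits]
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        label, reasons = body, []

        # HijackThis appends these markers when the referenced file is absent.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("dangling reference")

        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            label = run["name"]
            path = target_path(run["cmd"])
            # "\dir\file.exe" is rooted but drive-less (UNC "\\host" is excluded).
            if path.startswith("\\") and not path.startswith("\\\\"):
                reasons.append("rooted path without drive letter")
            if any(related(stem(path), h) for h in hit_stems):
                reasons.append("name matches scanner detection")

        if reasons:
            findings.append((code, label, reasons))
    return findings


if __name__ == "__main__":
    for code, label, reasons in triage(HJT_LOG, SCANNER_HITS):
        print(f"{code:<4} {label}\n     -> {', '.join(reasons)}")
```

The output is a review list, not a removal list: a flagged line still has to be checked by a person before anything is fixed in HijackThis.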

     
  17. ohnoez

    ohnoez Member

    Joined:
    Jun 28, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    cdavfrew, thank you for your quick response. I've spent the day scanning and here are the new logs from each program.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/29/2008 at 05:05 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3493
    Trace Rules Database Version: 1484

    Scan type : Complete Scan
    Total Scan Time : 05:53:02
    username\
    Memory items scanned : 171
    Memory threats detected : 0
    Registry items scanned : 4820
    Registry threats detected : 0
    File items scanned : 148732
    File threats detected : 9

    Adware.Tracking Cookie

    Adware.IST/ISTBar (Slotch Bar)
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228730.EXE

    NotHarmful.Sysinternals Bluescreen Screen Saver
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228731.SCR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228748.SCR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228763.SCR

    Adware.eXactAdvertising-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228732.EXE

    TargetSaver, Inc. Process
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1305\A0228733.EXE

    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\PHCNTJJ0ECCL.BMP





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:08:18 PM, on 6/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [C2kWep] C:\Program Files\Netopia\C3kWepN.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.2.14/applet/addiction/addiction-en_US.cab
    O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.3.19/applet/platespinner/platespinner-en_US.cab
    O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.4.7/applet/firstclass2/firstclass2-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.0.1.7/applet/fancy/fancy-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.0.1.17/applet/mahjong2/mahjong2-en_US.cab
    O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.0.3.15/applet/safari/safari-en_US.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/waterwheel/waterwheel-en_US.cab
    O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.0.1.7/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.0.1.7/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game3.pogo.com/v/9.0.2.13/applet/tumbee2/tumbee2-en_US.cab
    O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/worldclass/worldclass-en_US.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c5.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/peggle/popcaploader_v10_en.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 10993 bytes





    ComboFix 08-06-20.4 - Username 2008-06-29 17:29:40.1 - NTFSx86
    Running from: C:\Documents and Settings\Username\Desktop\Combo-Fix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\BulletProofSoft.com
    C:\Program Files\comet systems
    C:\Program Files\comet systems\DM\activeJobs.xml
    C:\Program Files\comet systems\DM\bin\dmfilemap.xml
    C:\Program Files\comet systems\DM\bin\publicKey.pbk
    C:\Program Files\comet systems\DM\completedJobs.xml
    C:\Program Files\comet systems\DM\jobIndex.xml
    C:\Program Files\comet systems\DM\pendingJobs.xml
    C:\Program Files\comet systems\DM\productInfo.xml
    C:\Program Files\comet systems\DM\request.xml
    C:\Program Files\comet systems\DM\response.xml
    C:\WINDOWS\system32\drivers\fad.sys
    C:\WINDOWS\system32\instsrv.exe
    C:\WINDOWS\system32\stlbdist.XML

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
    .

    2008-06-28 21:55 . 2008-06-28 21:55 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-28 15:15 . 2008-06-28 15:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-28 15:15 . 2008-06-28 15:15 <DIR> d-------- C:\Documents and Settings\Username\Application Data\SUPERAntiSpyware.com
    2008-06-28 15:15 . 2008-06-28 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-28 15:14 . 2008-06-28 15:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-28 10:28 . 2008-06-28 10:28 109,056 --a------ C:\WINDOWS\SYSTEM32\lphcntjj0eccl.exe
    2008-06-21 19:34 . 2008-06-21 19:34 <DIR> d-------- C:\Program Files\iPod
    2008-06-21 12:46 . 2008-06-28 15:33 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-06-21 09:54 . 2008-06-29 09:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
    2008-06-21 09:54 . 2008-06-21 09:54 <DIR> d-------- C:\Program Files\AVG
    2008-06-21 09:54 . 2008-06-29 10:16 <DIR> d-------- C:\Documents and Settings\Username\Application Data\AVGTOOLBAR
    2008-06-21 09:54 . 2008-06-21 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-21 09:54 . 2008-06-21 09:54 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
    2008-06-21 09:54 . 2008-06-21 09:54 75,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
    2008-06-21 09:54 . 2008-06-21 09:54 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
    2008-06-10 17:51 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-29 15:26 --------- d-----w C:\Program Files\WMR11
    2008-06-28 17:33 --------- d-----w C:\Program Files\Common Files\ifoq
    2008-06-28 15:42 --------- d-----w C:\Documents and Settings\Username\Application Data\AdobeUM
    2008-06-22 00:40 --------- d-----w C:\Program Files\Apple Software Update
    2008-06-22 00:35 --------- d-----w C:\Program Files\iTunes
    2008-06-22 00:31 --------- d-----w C:\Program Files\QuickTime
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-26 04:28 0 --sha-w C:\Documents and Settings\Username\Application Data\00483a3bac3701e7aec91c4e5694af22f974f558f2.dat
    2008-05-22 03:01 1,713,066 ----a-w C:\WINDOWS\Java\Packages\89F5R97P.ZIP
    2008-05-17 19:47 2,934,622 ----a-w C:\WINDOWS\Java\Packages\B5BNX3VB.ZIP
    2008-05-17 04:24 1,851,425 ----a-w C:\WINDOWS\Java\Packages\2OQ1ZDZN.ZIP
    2008-05-09 02:17 2,671,195 ----a-w C:\WINDOWS\Java\Packages\31VFHFD7.ZIP
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
    2008-05-08 03:50 3,502,787 ----a-w C:\WINDOWS\Java\Packages\8K2TBXNV.ZIP
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    2008-05-04 03:32 --------- d-----w C:\Documents and Settings\Username\Application Data\Yahoo!
    2008-05-04 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-05-04 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-05-04 00:02 --------- d-----w C:\Program Files\Yahoo!
    2008-04-29 23:50 3,601,343 ----a-w C:\WINDOWS\Java\Packages\WAAQNXZR.ZIP
    2008-04-28 03:16 2,171,564 ----a-w C:\WINDOWS\Java\Packages\7TVPJ3N1.ZIP
    2008-04-27 23:14 2,489,158 ----a-w C:\WINDOWS\Java\Packages\DN53F7B3.ZIP
    2008-04-27 01:29 2,181,091 ----a-w C:\WINDOWS\Java\Packages\68Q1JFX3.ZIP
    2008-04-27 00:09 2,438,754 ----a-w C:\WINDOWS\Java\Packages\EXJHB7TZ.ZIP
    2008-04-26 22:00 3,125,722 ----a-w C:\WINDOWS\Java\Packages\V7P7PNZN.ZIP
    2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2004-04-20 17:03 812 ----a-w C:\Program Files\INSTALL.LOG
    2005-05-13 22:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
    2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
    2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\SYSTEM32\flvDX.dll
    2004-01-25 05:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\SYSTEM32\msfDX.dll
    2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
    2004-01-25 05:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2007-04-06 04:34 190024]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
    "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
    "Aim6"="" []
    "DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 16:46 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 00:44 126976]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-09-29 11:58 151597]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
    "PhilipsRemote"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2002-10-24 14:03 69632]
    "DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm,ExportedCheckODLs" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48 36975]
    "MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2007-04-06 04:34 190024]
    "C2kWep"="C:\Program Files\Netopia\C3kWepN.exe" [2004-03-24 13:46 233472]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 01:05 127035]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
    "WD Button Manager"="WDBtnMgr.exe" [2008-01-02 19:58 364544 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-21 09:54 1177368]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 12:37 7094272]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-09-29 11:54:40 24576]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]
    WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2008-01-02 20:00:29 98304]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:Shareaza
    "6346:UDP"= 6346:UDP:Shareaza

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-21 09:54]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-21 09:54]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 09:54]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 09:54]
    R2 UacFlt;Philips Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uacbflt.sys [2002-06-14 00:40]
    S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 14:05]
    S2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-14 14:40]
    S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 14:05]
    S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;C:\WINDOWS\system32\DRIVERS\SWLD23U.sys [2003-12-17 17:58]
    S3 swlubtl;WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\swlubtl.sys [2003-05-02 13:26]
    S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 01:04]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-29 16:00:03 C:\WINDOWS\Tasks\86B0D5F9938B6F55.job"
    - c:\progra~1\itchan~1\wma loud mapi.exe
    "2008-06-29 16:00:04 C:\WINDOWS\Tasks\AF0A6E04918A1FCC.job"
    - c:\progra~1\itchan~1\wma loud mapi.exe
    "2008-06-22 00:23:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-28 17:00:13 C:\WINDOWS\Tasks\{EFB4CDBB-8613-4548-AE0B-11A5F54DD746}_BRITTANY_Username.job"
    - C:\WINDOWS\system32\MOBSYNC.EXEN /Schedule=
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-29 17:36:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-29 17:56:40
    ComboFix-quarantined-files.txt 2008-06-29 22:56:09

    Pre-Run: 16,084,574,208 bytes free
    Post-Run: 16,074,731,520 bytes free

    212 --- E O F --- 2008-06-20 03:15:49

     
  18. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hi ohnoez

    Did you quarantine all your Superantispyware results?

    It seems that you have the very latest version of Malware Protector 2008. I have seen nothing like this. Please boot in safe mode, and cut, not copy, the following files into a separate folder on your desktop.

    C:\WINDOWS\system32\lphcntjj0eccl.exe
    C:\Program Files\Srng\Srng.exe
    C:\WINDOWS\SYSTEM32\PHCNTJJ0ECCL.BMP

    Make this folder into a zip file, and upload it to these three websites after you have rebooted into normal mode:

    http://www.virustotal.com/ (Post the results here)
    http://analysis.avira.com/samples/ (Wait for the Avira support team to contact you by email)
    http://www.uploadmalware.com/ (Upload the files individually, not as a zip file)

    After this, tell me how your problem is right now.

    Best Regards :D

     
  19. ohnoez

    ohnoez Member

    Joined:
    Jun 28, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    Hello again :) I made sure everything had a check-mark and quarantined all results. Last night the computer seemed to be back to normal, however one can never be too sure! I'll follow your instructions when I am back on my computer later and edit with an update. Thank you so much for your assistance thus far.



    OK, I booted into safe mode, but was only able to locate C:\WINDOWS\system32\lphcntjj0eccl.exe, so I made that into a zip file and posted. Here's what the results are.



    Virus Total:
    Result: 12/33 (36.37%)

    Antivirus          Version        Last Update  Result
    AhnLab-V3          2008.7.1.0     2008.06.30   -
    AntiVir            7.8.0.59       2008.06.30   TR/Vundo.Gen
    Authentium         5.1.0.4        2008.06.29   -
    Avast              4.8.1195.0     2008.06.30   Win32:Agent-ZXU
    AVG                7.5.0.516      2008.06.30   -
    BitDefender        7.2            2008.06.30   -
    CAT-QuickHeal      9.50           2008.06.30   (Suspicious) - DNAScan
    ClamAV             0.93.1         2008.07.01   -
    DrWeb              4.44.0.09170   2008.06.30   Trojan.Packed.557
    eSafe              7.0.17.0       2008.06.30   Suspicious File
    eTrust-Vet         31.6.5914      2008.06.30   -
    Ewido              4.0            2008.06.27   -
    F-Prot             4.4.4.56       2008.06.29   -
    F-Secure           7.60.13501.0   2008.06.26   -
    Fortinet           3.14.0.0       2008.07.01   Dorf.C
    GData              2.0.7306.1023  2008.06.30   Win32:Agent-ZXU
    Ikarus             T3.1.1.26.0    2008.06.30   Trojan.Vundo
    Kaspersky          7.0.0.125      2008.07.01   -
    McAfee             5328           2008.06.30   -
    Microsoft          1.3704         2008.06.30   Trojan:Win32/Tibs.GK
    NOD32v2            3229           2008.06.30   -
    Norman             5.80.02        2008.06.30   -
    Panda              9.0.0.4        2008.07.01   -
    Prevx1             V2             2008.07.01   Malicious Software
    Rising             20.51.02.00    2008.06.30   -
    Sophos             4.30.0         2008.07.01   Mal/Dorf-C
    Sunbelt            3.1.1509.1     2008.06.30   -
    Symantec           10             2008.07.01   -
    TheHacker          6.2.96.365     2008.07.01   -
    TrendMicro         8.700.0.1004   2008.06.30   -
    VBA32              3.12.6.8       2008.06.30   -
    VirusBuster        4.5.11.0       2008.06.30   -
    Webwasher-Gateway  6.6.2          2008.06.30   Win32.Malware.gen!92


    I still haven't gotten a detailed e-mail from Avira, but this is what it said after uploading:

    Filename Result
    lphcntjj0eccl.exe MALWARE

    The file 'lphcntjj0eccl.exe' has been determined to be 'MALWARE'. This malware is detected by a special detection routine from the engine module.

    And I uploaded it to the third site, but haven't received any e-mails.

    My computer seems to be acting alright at the moment. When I first boot up it looks like something wants to pop up - it shows the outline of a box but it's just a flicker and it never actually pops up. There's also a "pop" sound but I don't know where it's coming from..
     
    Last edited: Jun 30, 2008
  20. cdavfrew

    cdavfrew Regular member

    Hi ohnoez

    Two final things to do.

    Download and run Vundofix and Virtumundobegone. Post their logs here.

    Then post another HijackThis log.

    Best Regards :D

     
